Cyber Security News

JumpServer Flaws Allow Attackers to Bypass Authentication and Gain Full Control

JumpServer, a widely used open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has been found to have critical security vulnerabilities.

These flaws, recently highlighted by SonarSource’s vulnerability research team, allow attackers to bypass authentication and potentially gain full control over the JumpServer infrastructure.

JumpServer acts as a centralized gateway to internal networks, offering features like SSH, RDP, and FTP tunneling through a user-friendly web interface.

However, its compromised state can grant attackers access to the entire internal network.

JumpServer FlawsJumpServer Flaws
breakdown of the key components

Technical Details of the Vulnerabilities

The vulnerabilities primarily stem from architectural mistakes, particularly inadequate isolation between microservices.

JumpServer’s architecture includes several independent components, such as the Core API, Database, Koko, Celery, and Web Proxy, each running as a Docker container.

The Core API handles authentication and authorization, while Koko manages tunneling functions like SSH connections.

The vulnerabilities exploit weaknesses in public key authentication and multi-factor authentication (MFA) mechanisms.

For instance, attackers can impersonate the Koko service by directly accessing the Core API via the web interface, bypassing public key validation.

Additionally, MFA bypass vulnerabilities allow attackers to evade rate-limiting mechanisms by manipulating the remote IP address in API requests.

MFA bypass

Impact and Fixes

These vulnerabilities, tracked under CVEs like CVE-2023-43650, CVE-2023-43652, and CVE-2023-46123, were addressed in JumpServer versions 3.10.12 and 4.0.0.

The fixes include separating public key authentication APIs, introducing state tracking for partial success in SSH authentication, and enhancing MFA by trusting only requests originating from Koko.

Organizations using JumpServer are advised to update to the latest patched versions to prevent potential attacks.

The collaboration between researchers and Fit2Cloud has been commended for promptly addressing these security issues, underscoring the importance of continuous security assessments and secure coding practices.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Woodpecker: Red Teaming Tool Targets AI, Kubernetes, and API Vulnerabilities

Operant AI has announced the release of Woodpecker, an open-source automated red teaming engine designed…

47 minutes ago

Massive Botnet Targets ASUS Routers by Injecting Malicious SSH Keys

GreyNoise Research has publicly disclosed a sophisticated cyberattack campaign that has compromised over 9,000 ASUS…

1 hour ago

Malicious WordPress Plugin Disguised as Java Update Infects Site Visitors

A troubling new cyber threat has emerged targeting WordPress websites, where a malicious plugin masquerading…

1 hour ago

APT Hackers Turn Google Calendar Into Command Hub Using TOUGHPROGRESS Malware, Google Alerts

Google Threat Intelligence Group (GTIG), a sophisticated malware campaign dubbed "TOUGHPROGRESS" has been uncovered, orchestrated…

2 hours ago

Critical OneDrive Flaw Lets Malicious Websites Access All Your Files

A newly revealed vulnerability in Microsoft’s OneDrive File Picker has placed millions of users at…

2 hours ago

Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands

The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial…

16 hours ago