michelangelus - Fotolia
A flaw that exposed an unauthenticated script was recently found and fixed in Navarino Infinity, a maritime communications bandwidth management system used on ships with any type of satellite communication system. What was the flaw, and what types of threats did it enable?
The flaw found in Navarino Infinity version 2.2 and earlier was due to the presence of an unauthenticated web interface script left accessible by the satellite communication system.
The vulnerabilities it exposed to attackers were blind SQL injection, session fixation and authentication bypass using an alternate path. These vulnerabilities include:
- Blind SQL injection: This vulnerability doesn't require human intervention, as it blindly asks the database true or false questions and determines the answer based on the application response. All or part of a SQL command is constructed using external input from an upstream component. Navarino Infinity doesn't neutralize or incorrectly neutralize special elements that could modify the SQL command when sent to a downstream component.
- Session fixation attack: This vulnerability allows an attacker to find, set or hijack another person's valid session identifier that is being accepted from a query string on the URLs. A web application doesn't invalidate the current session when the person is authenticated. In a simple scenario, the attacker creates a new session and records the associated session identifier while the victim authenticates against the server using the session identifier. The server accepts the session identifier as a GET parameter, not as POST data -- enabling the attacker to access the authenticated session and the victim's account.
- Authentication bypass using an alternate path: This vulnerability allows an attacker to take advantage of the alternate path that doesn't require authentication, as some functions in the URL don't require it.
When exploited, the vulnerability in the Navarino Infinity software enabled a remote, unauthenticated attacker to bypass authentication, perform administrative functions or inject malicious SQL queries. An attacker could also access data through the victim's satellite communication system installed on the target ship, exposing the ship's destinations to the attacker.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)