Latest YouTube Video

Tuesday, May 10, 2016

[FD] Skype Manager - (Email Change) Filter Bypass Vulnerability

Document Title: =============== Skype Manager - (Email Change) Filter Bypass Vulnerability References (Source): ==================== http://ift.tt/1SYjhyg MSRC Case 32353 TRK:0001002845 Release Date: ============= 2016-05-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1672 Common Vulnerability Scoring System: ==================================== 5.2 Product & Service Introduction: =============================== Skype is a proprietary voice-over-Internet Protocol service and software application originally created in 2003 by Swedish entrepreneur Niklas Zennström and his Danish partner Janus Friis. It has been owned by Microsoft since 2011. The service allows users to communicate with peers by voice, video, and instant messaging over the Internet. Phone calls may be placed to recipients on the traditional telephone networks. Calls to other users within the Skype service are free of charge, while calls to landline telephones and mobile phones are charged via a debit-based user account system. Skype has also become popular for its additional features, including file transfer, and videoconferencing. Competitors include SIP and H.323-based services, such as Linphone, as well as the Google Talk service, Mumble and Hall.com. Skype has 663 million registered users as of September 2011. The network is operated by Microsoft, which has its Skype division headquarters in Luxembourg. Most of the development team and 44% of the overall employees of the division are situated in Tallinn and Tartu, Estonia. Unlike most other VoIP services, Skype is a hybrid peer-to-peer and client–server system. It makes use of background processing on computers running Skype software. Skype`s original proposed name (Sky Peer-to-Peer) reflects this fact. Some network administrators have banned Skype on corporate, government, home, and education networks, citing reasons such as inappropriate usage of resources, excessive bandwidth usage, and security concerns. (Copy of the Vendor Homepage: http://ift.tt/jklewy) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a hidden function to change unauthorized email accounts of the official Skype Manager web-application. Vulnerability Disclosure Timeline: ================================== 2016-01-19: Researcher Notification & Coordination (Karim Rahal) 2016-01-20: Vendor Notification (MSRC - Skype Security Team) 2016-01-28: Vendor Response/Feedback (MSRC - Skype Security Team) 2016-05-05: Vendor Fix/Patch #(Microsoft Skype Developer Team) 2016-05-09: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Microsoft Corporation Product: Skype Manager - Online Service (Web-Application) 2016 Q1 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A filter bypass vulnerability has been discovered in the official Microsoft Skype Manager online service web-application. The vulnerability allows to bypass a secure set filter restriction of the web-application to deny unauthorized interaction by criminals on account take-over attacks. Filter bypass is a vulnerability which performs evasion on a certain filter and bypasses it, in this case it was able to bypass the filter which didn`t allow a user/attacker to change his email without entering his password etc.. but with this filter bypass you can just change ur email simply through being inside the account, you don`t even have to know the account`s password. This filter bypass is done because there isn`t enough validation/checking inside the API which didn`t check if its his actual email or if he can actually change it, in addition, this vulnerability easily allowed Full account Takeover once exploited, simply a hacker would hack into an account throgh session but he wouldn`t have full access because he doesn`t have the password, but this filter bypass allowed him to change password then send a change password link to the changed email which is his hacking email, and then he resets the password and tadaa! he now has full access to the account. The security risk of the filter bypass vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 5.2. Exploitation of the filter and validation web vulnerability requires a low privileged skype user account with restricted access and low user interaction. Successful exploitation of the vulnerability results in an account take-over one malicious interaction. Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers with low privileged skype web-application user account and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Go to manager.skype.com 2. Register for a manager company if you haven't already 3. Go to your user/member's settings of your own account 4. Go down to Contact details 5. Right click on your email address >> inspect element 6. Find the link with


Source: Gmail -> IFTTT-> Blogger

No comments: