A flaw in the authentication logic allows attackers to log in to SharePoint servers and gain administrative privileges using fake login tokens. The bug has been patched since June, and security researchers have now published the vulnerabilities and a technical analysis.
An exploit for the vulnerability CVE-2023-29357 is available on GitHub. The experimental exploit, written in Python, lists the personal information of each site administrator to demonstrate its effectiveness. Mass attacks on vulnerable installations are now unlikely to be long in coming.
Fake login codes undermine authentication
The attack takes advantage of the fact that some SharePoint server URLs, including API endpoints, are accessible using token-based authentication, and that this authentication can be bypassed using a specially crafted token. This means that attackers can access the API endpoints with administrative rights and then move on from there.
A security researcher used the vulnerability CVE-2023-29357 in March at the Pwn2Own competition in Vancouver against a test system and has now published a detailed technical analysis of the defect.
According to Microsoft, the affected versions are those in the 16.0.0 version tree with a version number lower than 16.0.10399.20005. Redmond had already addressed the issue on patch day in June; administrators should urgently check their SharePoint servers and, if necessary, apply patches.
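The version check described above can be run over a server inventory. The following is an added example, not code from the article or from Microsoft: it assumes build numbers are recorded in the four-part dotted form the article uses, and the host names and builds in the sample inventory are constructed.

```python
import re

# Threshold from the article: builds in the 16.0 tree below this are affected.
FIXED_BUILD = (16, 0, 10399, 20005)
BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def classify_build(build):
    """Return 'vulnerable', 'patched', 'out-of-scope' or 'unparseable'."""
    match = BUILD_RE.match(build or "")
    if not match:
        return "unparseable"
    # Compare numerically: as strings, "9029" would sort above "10399".
    version = tuple(int(part) for part in match.groups())
    # The article only makes a statement about the 16.0 version tree.
    if version[:2] != (16, 0):
        return "out-of-scope"
    return "vulnerable" if version < FIXED_BUILD else "patched"


def triage(inventory):
    """Map each host to a status; unparseable entries stay listed for manual review."""
    return {host: classify_build(build) for host, build in inventory.items()}


def needs_attention(inventory):
    """Hosts that must be patched or checked by hand, in sorted order."""
    flagged = {"vulnerable", "unparseable"}
    return sorted(h for h, s in triage(inventory).items() if s in flagged)


# Constructed sample inventory (host names and build numbers are made up).
SAMPLE_INVENTORY = {
    "sp-app01.example.internal": "16.0.10398.20000",
    "sp-app02.example.internal": "16.0.10399.20005",
    "sp-app03.example.internal": "16.0.9029.1000",
    "sp-web01.example.internal": "16.0.10401.20001",
    "sp-old01.example.internal": "15.0.5501.1000",
    "sp-web02.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12} {host}")
```
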