Security News > 2023 > August > Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks

Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users.

"These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared with The Hacker News.

Maintained by Microsoft, PowerShell Gallery is a central repository for sharing and acquiring PowerShell code, including PowerShell modules, scripts, and Desired State Configuration resources.

The issues identified by the cloud security firm have to do with the service's lax policy surrounding package names, lacking protections against typosquatting attacks, as a result enabling attackers to upload malicious PowerShell modules that appear genuine to unsuspecting users.

"However, this will only lead them to the profile of the fake author, as the attacker can freely choose any name when creating a user in the PowerShell Gallery. Therefore, determining the actual author of a PowerShell module in the PowerShell Gallery poses a challenging task."

"The responsibility for securing users primarily lies with the platform. It's essential that PowerShell Gallery, and similar platforms, take necessary steps to enhance their security measures."

News URL

https://thehackernews.com/2023/08/experts-uncover-weaknesses-in.html