Vulnerabilities > CVE-2014-8686 - Cryptographic Issues vulnerability in Codeigniter
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Metasploit
| description | Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This module has been tested on the STBN300 device. |
| id | MSF:EXPLOIT/LINUX/HTTP/SEAGATE_NAS_PHP_EXEC_NOAUTH |
| last seen | 2020-06-10 |
| modified | 2017-07-24 |
| published | 2015-03-01 |
| references |
|
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb |
| title | Seagate Business NAS Unauthenticated Remote Command Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/130609/seagate_nas_php_exec_noauth.rb.txt |
| id | PACKETSTORM:130609 |
| last seen | 2016-12-05 |
| published | 2015-03-02 |
| reporter | OJ Reeves |
| source | https://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html |
| title | Seagate Business NAS Unauthenticated Remote Command Execution |
The Hacker News
| id | THN:88621B70C7F5EC61ED5F438C1F1EF3E0 |
| last seen | 2018-01-27 |
| modified | 2015-03-02 |
| published | 2015-03-01 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2015/03/seagate-nas-device-vulnerability.html |
| title | Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely |