Update Your “Novell Filr” ASAP, Several Vulnerabilities Discovered By Researcher!

 

Are you using “Filr” to share and access your corporate data? If so, update it as soon as possible: researchers at SEC Consult have discovered several security flaws in it. Filr is a tool widely used by corporate giants to access and share official files. It is a product of the British software company “Micro Focus”. It was first developed by Novell, which merged with Micro Focus in 2014.

 

What is the Vulnerability?

Security researchers at SEC Consult had been researching this Micro Focus product since the start of May 2016. One of the researchers found several critical vulnerabilities in two widely used versions of Filr. Hackers could exploit these vulnerabilities to upload remote files to the system, to execute malicious remote files and commands, and to change an appliance's configuration files. Filr versions 1.2 and 2.0 contain these security issues. By exploiting these vulnerabilities, hackers could gain full control of the product.

 

List of the Vulnerabilities

  • Authentication Bypass
  • Persistent XSS (Cross-Site-Scripting)
  • Insecure File Permission
  • CSRF (Cross Site Request Forgery)
  • Path Traversal Vulnerabilities
  • Command Injection

 


The researcher also discovered another vulnerability, one that allowed hackers to steal session cookies: Filr's web interface does not set the HttpOnly flag on its session cookies. On its own this is not very harmful, but hackers could take advantage of it by combining it with a persistent XSS attack.
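Because script running in the page can read any cookie that lacks HttpOnly, administrators can check what their own appliance sends. The following is an added example, not code from SEC Consult or Micro Focus: it audits captured `Set-Cookie` headers for session-like cookies missing HttpOnly (and Secure). The cookie names, values and the name heuristic are constructed assumptions.

```python
"""Audit Set-Cookie headers for the missing-HttpOnly issue (added example)."""

# Constructed sample response headers; names and values are made up and are
# not taken from a real Filr appliance.
SAMPLE_HEADERS = [
    ("Set-Cookie", "JSESSIONID=4F2A9C; Path=/; Secure"),
    ("Set-Cookie", "lang=en; Path=/; Max-Age=31536000"),
    ("Set-Cookie", "authtoken=abc123; Path=/; secure; httponly; SameSite=Strict"),
    ("Content-Type", "text/html"),
]

# Heuristic (assumption): cookie names containing these fragments carry a session.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, _ = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise before comparing.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(headers):
    """Return (name, missing_flags) for session-like cookies lacking protection."""
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # non-session cookies (e.g. UI language) are ignored
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_HEADERS):
        print(f"{name}: missing {', '.join(missing)}")
```
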

 

What About Security Updates?

Micro Focus has released a security update that patches these major vulnerabilities. The vendor has patched most of the vulnerabilities in this update, but a major HttpOnly flag issue is still pending. According to Micro Focus, if they patch this right now, Filr will not work properly and users may face problems. This update also fixes some other vulnerabilities that researchers discovered in May 2016; the “BadLock” Samba vulnerability is one of them. Details of these vulnerabilities have been registered under the following CVE identifiers:

 

  • CVE-2016-1607
  • CVE-2016-1608
  • CVE-2016-1609
  • CVE-2016-1610
  • CVE-2016-1611
 

“Update Your Filr Installations as soon as possible, if you want security of your files.”
