5

As a security tester, I need to report and justify that a security misconfiguration in a 3rd party application is a risk to us.

Following is the scenario:

1.) There is a 3rd party application which the customers use to submit their applications to us. We receive the data from the 3rd party application and process them further.

2.) In that particular application, upon clicking a hyperlink, an error page is displayed with the following information:

a) Source file path (however, it is forbidden when access is attempted)
b) .NET Framework version, which is vulnerable to the ASP.NET Forms Authentication Bypass
c) IIS server version (7.5), which has exploits as per my knowledge.

What is the risk of this misconfiguration to us? How do I justify it?

Note: This error page appears only after a user is logged in. And this is a public-facing application.

Sai Dutt Mekala

2 Answers

1

The source file path is not necessarily an issue. However, it is bad practice and leaks information that may be useful for exploiting other issues.

IIS server version (7.5), which has exploits as per my knowledge.

IIS 7.5 is still under Extended Support until 2020. This means it should receive security updates - so this isn't necessarily an issue. You would need to request the patch history from the 3rd party.

.NET Framework version, which is vulnerable to the ASP.NET Forms Authentication Bypass

Again, this was patched. A version number alone means nothing.

What is the risk of this misconfiguration to us? How do I justify it?

What exactly is it your clients submit to you? If it is their application executables, are these distributed publicly? Or are they server-side applications? And are they signed?

The biggest security risk I can see would be if someone patched a flaw in the application before submitting it to yourselves. Hence the client would have a vulnerability which you would not be able to make them aware of.

Hector
0

As a security best practice, it is always recommended not to leak any information regarding systems to public/legitimate users.

This may lead to security breaches as hackers might be able to use this information to find holes in the system/application.

For example, IIS 7.5 has lots of vulnerabilities; please refer to https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-3436/version_id-92758/Microsoft-IIS-7.5.html.

ASP.NET has several vulnerabilities; please refer to https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-3091/Microsoft-Asp.net.html.

Hence, it is always recommended to safeguard a system's back-end information.

EdOverflow
Sayan
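
Added example (not part of the question or either answer): a small Python check that pulls the items listed in the question (source file path, .NET Framework version, IIS version) out of a captured response so they can be quoted as evidence in a report. Both captures, the path and the build number are constructed, and the patterns assume the standard layout of an ASP.NET detailed error page and its response headers.

```python
import re

# Constructed capture of a detailed ASP.NET error page (path and build are made up).
LEAKY = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Server Error in '/' Application.</h1>\n"
    "<b> Source File: </b> C:\\inetpub\\wwwroot\\Example\\Submit.aspx.cs"
    "<b> &nbsp;&nbsp; Line: </b> 42\n"
    "<b>Version Information:</b>&nbsp;Microsoft .NET Framework "
    "Version:4.0.30319; ASP.NET Version:4.0.30319.1\n"
)
# Constructed capture of the same failure behind a generic error page.
GENERIC = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Something went wrong.</h1><p>Reference: 7F3A</p>\n"
)

HEADER_CHECKS = {
    "server_banner": re.compile(r"^Server:[ \t]*(.+)$", re.I | re.M),
    "aspnet_header": re.compile(r"^X-AspNet-Version:[ \t]*(.+)$", re.I | re.M),
}
BODY_CHECKS = {
    "source_file_path": re.compile(r"Source File:\s*</b>\s*([A-Za-z]:\\[^<\r\n]+)"),
    "framework_version": re.compile(r"\.NET Framework Version:\s*([\d.]+)"),
    "aspnet_build": re.compile(r"ASP\.NET Version:\s*([\d.]+)"),
}

def find_disclosures(raw_response):
    """Map each leaked item to the exact value the response exposes."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = {}
    # Headers and body are checked separately so a banner string quoted in
    # page text is not mistaken for a response header, and vice versa.
    for checks, text in ((HEADER_CHECKS, head), (BODY_CHECKS, body)):
        for name, pattern in checks.items():
            match = pattern.search(text)
            if match:
                findings[name] = match.group(1).strip()
    return findings

if __name__ == "__main__":
    for label, capture in (("detailed", LEAKY), ("generic", GENERIC)):
        print(label, find_disclosures(capture))
```

The output documents what is exposed; whether the exposed versions are actually unpatched still has to be confirmed against the 3rd party's patch history.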