GRC Viewpoint

CSS Injection Flaw Corrected in Acronis Cloud

A researcher discovered a CSS injection flaw in Acronis Cloud. The fault was capable of causing significant data theft. Information on the bug was made available in the first week of November. The vulnerability, which existed in the Acronis Cloud Management Console, has since been resolved. (January, 2022).

A technical analysis of the bug was published in the first week of November by Medi.

This is the bug, in the words of Medi: “Since this is an attack relying on the client side, the main risk is [being able to] exfiltrate information found in the vulnerable page and CSRF attacks. The type of bug depends on how the JavaScript handles the user input and the purpose of that parameter.”


Here are details of how the overall process takes place, as explained by the researcher.

A web-facing URL automatically reads a GET parameter, ‘color_scheme’. Once the GET request is sent, a request is made for a CSS file, which is then loaded.

Further, when the CSS file is requested, the front-end code does not sanitize the parameter value. As a result, an attacker could carry out path traversal, causing a file of the same name to be requested from a different path.


It is to be noted that this path overwrite isn’t very dangerous unless it is combined with an open redirect. Once the two are combined, attackers can issue requests that force a redirect to an external domain, where a malicious CSS file is hosted.

“If we specify our CSS file in a domain hosted by us, we can perform the CSRF attack via GET requests by loading an external image using CSS properties like background-image, or exfiltrate user information like [an] IP, Referer header or User Agent. I used my local server, but you can check it out in any external domain you own.” This is how the researcher explained the process. 
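The root cause described above is a stylesheet path built directly from the ‘color_scheme’ parameter. The following is an added example, not code from Acronis or the researcher, showing that naive pattern next to a hardened version that allowlists the value and checks where the resolved URL points; the console origin and theme directory are assumed.

```javascript
// Added illustration of the flaw class; the origin and paths are hypothetical.
const BASE = "https://console.example.com/";            // constructed sample origin
const THEME_DIR = "/static/themes/";
const THEME_ALLOWLIST = new Set(["light", "dark", "high-contrast"]);

// Naive pattern the article describes: the raw parameter is spliced into the
// stylesheet path, so "../" segments change which file the browser requests,
// and a server-side open redirect can then send that request off-origin.
function naiveStylesheetUrl(colorScheme) {
  return new URL("static/themes/" + colorScheme + ".css", BASE).href;
}

// Hardened version: only a known theme name is ever used (anything else falls
// back to a default), and the final URL is verified to stay on the expected
// origin and inside the theme directory before it is handed to the page.
function safeStylesheetUrl(colorScheme, fallback = "light") {
  const name = THEME_ALLOWLIST.has(colorScheme) ? colorScheme : fallback;
  const url = new URL("static/themes/" + name + ".css", BASE);
  const sameOrigin = url.origin === new URL(BASE).origin;
  const insideThemeDir = url.pathname.startsWith(THEME_DIR) && !url.pathname.includes("..");
  if (!sameOrigin || !insideThemeDir) {
    throw new Error("refusing to load stylesheet from an unexpected location");
  }
  return url.href;
}

// Helper a defender can use to test any candidate stylesheet URL (e.g. one
// taken from a crash report or a proxy log) against the same policy.
function isAllowedStylesheetUrl(href) {
  let url;
  try { url = new URL(href); } catch (e) { return false; }
  return url.origin === new URL(BASE).origin && url.pathname.startsWith(THEME_DIR)
    && !url.pathname.includes("..");
}

module.exports = { naiveStylesheetUrl, safeStylesheetUrl, isAllowedStylesheetUrl };
```

Removing the open redirect the article mentions is the server-side half of the fix; the client-side allowlist alone already stops the traversal.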
