
CVE-2024-31842

CVE-2024-31842 – Italtel Embrace

Vulnerability Description: Use of GET Request Method With Sensitive Query Strings - CWE-598

Software Version: 1.6.4

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-31842

CVSS: 8.8

Severity: High

Credits: Luca Carbone, Fabio Romano, Federico Draghelli, Massimiliano Brolli


The web application inserts the access token of an authenticated user inside GET requests.

Step-by-step instructions and PoC

The query string of a URL can be saved in the browser's history, passed to other web sites through the Referer header, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Since the access token is sent in GET requests, this vulnerability could lead to complete account takeover.

Below is the evidence, with the vulnerability details and the payloads used.

In the following screenshot there is an example of a GET request that contains the access token in the query string. This vulnerability is applicable to almost every functionality of the web application.

Figure 1 - Access token in query string


Figure 2 - The access token is in the URL of the GET request


Security Impact

An attacker that is able to read the token could access the web application as another user.
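
Two of the leakage channels named above, web logs and the Referer header, can be audited on the server side. The following is an added example, not code from the advisory or from Italtel: it scans combined-format access-log lines for tokens carried in the request URL or the Referer and redacts them. The parameter names, the token-shape heuristic and the sample log lines are assumptions, since the advisory does not name the parameter Embrace uses.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names; the advisory does not name the one Embrace uses.
SENSITIVE_NAMES = {"token", "access_token", "auth", "session", "sessionid", "jwt"}
# Value heuristic: JWT-shaped (three base64url segments) or a long opaque string.
TOKEN_VALUE = re.compile(r"^(?:[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}|[A-Za-z0-9_\-+/=]{32,})$")
# Combined log format: request line, status, size, referer (user agent ignored).
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact_url(url):
    """Return (redacted_url, [names of parameters that carried a token])."""
    parts = urlsplit(url)
    hits, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_NAMES or TOKEN_VALUE.match(value):
            hits.append(name)
            value = "REDACTED"
        kept.append((name, value))
    if not hits:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(kept))), hits

def scan_line(line):
    """Return (scrubbed_line, findings) for one access-log line."""
    m = LOG_LINE.search(line)
    if not m:
        return line, []
    findings = []
    for field in ("target", "referer"):
        original = m.group(field)
        clean, hits = redact_url(original)
        if hits:
            findings.append((field, hits))
            line = line.replace(original, clean)
    return line, findings

# Constructed sample lines (not taken from the advisory or from a real system).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /api/items?access_token=eyJhbGciOi.eyJzdWIiOiIx.c2lnbmF0dXJl&page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /static/app.css HTTP/1.1" 200 90 "https://app.example/home?access_token=eyJhbGciOi.eyJzdWIiOiIx.c2lnbmF0dXJl" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /api/items?page=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        scrubbed, found = scan_line(raw)
        print(found or "clean", "|", scrubbed)
```

Any finding in the `target` field means the token reached the server log; a finding in `referer` means a browser forwarded it on a later request. Tokens found this way should be treated as exposed and revoked, and the durable fix is to carry the token in a request header or body instead of the URL.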