OutSystems has identified a security vulnerability in the authentication mechanism used for communication between OutSystems Platform components. It could allow a user with limited access to one environment to elevate privileges in that environment and in other environments managed by the same LifeTime.
OutSystems has assessed the impact of this vulnerability for both cloud and on-premises deployments, and across all supported stacks. The information in this article will allow you to determine the level of exposure of your systems and how you should proceed to remediate it.
Technology Stacks Affected
This vulnerability affects all supported platform stacks in versions prior to 9.1.614.0 for OutSystems Platform version 9 and prior to 10.0.816.0 for OutSystems Platform version 10.
How to Fix On-Premises Installations
OutSystems has issued new versions for all supported platforms.
The fixes are available from versions 9.1.614.0 and 10.0.816.0 onwards. All customers who have yet to update their platform instances are strongly encouraged to do so.
OutSystems Cloud customers can open a support case requesting an update of OutSystems Platform to a version in which this vulnerability has been corrected.
More About This Vulnerability
The basis for this vulnerability is a “Pass the Hash” attack. Some internal web services accepted password hashes as authentication credentials, so possessing the stored hash was as good as knowing the password. A developer who can read the database can therefore obtain the hash of any user’s password and use it to authenticate against these web services. These web services allow high-privilege operations on the platform, including a way to log in as that user in Service Center.
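To make the failure mode concrete, the following is an added illustration and not OutSystems code; it does not describe how the affected web services or the fixed versions are actually implemented. It contrasts a hypothetical service that accepts the stored hash itself as the credential (anyone with read access to the user table can replay it) with one that requires the password and recomputes the hash server-side, and adds a nonce-based challenge-response as one common way to authenticate component-to-component calls without ever sending a reusable credential. The user store, salt, secret and names are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed user store: a hypothetical internal service's view of the user
# table. A real store would use a random per-user salt; one fixed salt is
# enough to show the point.
SALT = b"constructed-salt"


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "admin": _pbkdf2("correct horse battery staple", SALT),
}


def developer_reads_database(username: str) -> bytes:
    """Models the attacker's capability: a developer with database access
    can read any user's stored password hash."""
    return USERS[username]


def vulnerable_authenticate(username: str, presented_hash: bytes) -> bool:
    """Pass-the-hash flaw: the stored hash is accepted as the credential.
    Whoever can read the table can authenticate without the password."""
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, presented_hash)


def hardened_authenticate(username: str, password: str) -> bool:
    """The caller must present the secret the hash was derived from; the
    server recomputes the hash and only then compares, in constant time."""
    stored = USERS.get(username)
    if stored is None:
        _pbkdf2(password, SALT)  # spend the same time for unknown users
        return False
    return hmac.compare_digest(stored, _pbkdf2(password, SALT))


def pass_the_hash_succeeds() -> bool:
    """Attack against the vulnerable service: copy the hash, present it."""
    leaked = developer_reads_database("admin")
    return vulnerable_authenticate("admin", leaked)


def pass_the_hash_fails_on_hardened() -> bool:
    """Same leaked hash against the hardened service: the hash is not a
    password, so recomputation does not match."""
    leaked = developer_reads_database("admin")
    return hardened_authenticate("admin", leaked.hex())


# Component-to-component authentication without a replayable credential:
# the verifier issues a single-use random challenge and the caller proves
# knowledge of a shared secret by returning HMAC(secret, challenge). The
# secret is never transmitted and a captured response is worthless.
def respond(shared_secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


class ChallengeVerifier:
    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown or already used: reject replays
        self._outstanding.discard(challenge)
        return hmac.compare_digest(respond(self._secret, challenge), response)


if __name__ == "__main__":
    print("pass-the-hash vs vulnerable service:", pass_the_hash_succeeds())
    print("pass-the-hash vs hardened service:", pass_the_hash_fails_on_hardened())
    v = ChallengeVerifier(b"constructed-shared-secret")
    c = v.challenge()
    r = respond(b"constructed-shared-secret", c)
    print("challenge-response accepted:", v.verify(c, r))
    print("replay of same response accepted:", v.verify(c, r))
```

The first two functions are the whole vulnerability class in miniature: if the value the server compares against is also the value the client sends, the database is the credential store in the literal sense, and read access to it equals authentication. Recomputing from a secret the database does not hold, or proving possession of a secret over a fresh nonce, closes that path.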
Who can exploit this vulnerability?
Any user who has developer access to any environment.
From where can this vulnerability be exploited?
Once a developer obtains a hash, it can be used from any location from which Service Center is reachable.
Vulnerability reported by Carlos Alfaro, an OutSystems Most Valued Professional.