Remember my last post about CSRF and me predicting that this will be the vulnerability of 2008?
Amazingly, in the meantime, there were two CSRF vulnerabilities published by heise alone. It seems like it’s really hitting the mainstream media.
The first CSRF flaw was discovered in Linksys’ WRT54GL WLAN router. It allows an attacker to e.g. turn off the firewall of the router or create port forwardings. However I agree that this is not the most critical vulnerability. How many people are permanently logged into their WLAN router?
On a side note, the security issues raised by GnuCitizen about the use of UPnP (Universal Plug and Play) are quite more interesting. Of course, you have to be on the local network to exploit it, but especially with WLANs this is not so difficult. UPnP allows you to gather information like WAN connection passwords and even lets you change configuration settings (e.g. the configured DNS server). I really recommend to read the GnuCitizen article.
The second CSRF vulnerability is a little bit more dangerous. It allows to add new admin accounts to the backend of web pages powered by Joomla. Visiting a crafted web page while being logged into the admin interface of Joomla does the trick.
I do not think that these two flaws are even roughly as amazing as the one I wrote about a couple of days ago, but I think it’s interesting that CSRF is finally hitting the mainstream media. It’ll be fun to watch what’s coming next.
Picture of traffic sign signaling public Internet access in Hungary by tillwe
Tags: CSRF, Hack, Security, UPnP, Vulnerability, Wireless, WLAN
January 23, 2008 at 1:47 pm
[...] over CSRF In my posting CSRF: And Go it Does, I wrote about a recently discovered Cross-Site-Request Forgery vulnerability in Linksys WLAN [...]