GitLab vulnerability allows session theft
Another vulnerability has surfaced on the Internet, and this time it is GitLab's turn. Security experts have detected a vulnerability that allows attackers to steal users' active sessions. Imperva is the company that detected this security flaw, as well as the origin of the problem.
Vulnerability in GitLab allows session theft
According to Imperva, the problem lies in the token used to identify users' sessions. The ID that identifies the session is too short, so a brute-force attack can find the ID that corresponds to a user's session very quickly.
A further problem is that GitLab does not destroy this information, something that does happen in most cases. If someone manages to identify a user's token, they can carry out all kinds of actions with that account: in addition to having access to the user's information, they could modify it or make unwanted purchases with it.
Brute force has been named as one of the ways to obtain this information in GitLab, but there are others. Another is a Man-in-the-Middle attack, since the tokens do not expire. Code injection into the database could also be used, although that type of attack requires a security flaw in the servers, which does not seem to be the case this time.
The company has set to work on solving the problem, and some token verification measures have been added. For the moment there is no further news. GitLab has announced changes throughout the month, so we will see what happens.
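The three weaknesses described above (short session IDs, tokens that never expire, tokens that are never destroyed) each have a server-side counterpart. The following is an added example, not GitLab's code or anything from Imperva's report: the `SessionStore` class, the 32-byte token length and the 30-minute timeout are assumptions chosen for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory session store (illustrative, not GitLab code).
class SessionStore
  TOKEN_BYTES = 32        # 256 bits from the OS CSPRNG (assumed policy)
  TTL_SECONDS = 30 * 60   # idle timeout (assumed policy)

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @sessions = {}        # SHA-256(token) => { user:, expires_at: }
  end

  # Issue a new token; only its hash is kept, so a leaked store
  # does not hand out usable session IDs.
  def create(user)
    token = SecureRandom.urlsafe_base64(TOKEN_BYTES)
    @sessions[digest(token)] = { user: user, expires_at: @clock.call + TTL_SECONDS }
    token
  end

  # Return the user for a live token, or nil. Expired entries are destroyed.
  def lookup(token)
    key = digest(token.to_s)
    entry = @sessions[key]
    return nil unless entry
    if @clock.call >= entry[:expires_at]
      @sessions.delete(key)
      return nil
    end
    entry[:expires_at] = @clock.call + TTL_SECONDS  # sliding expiry
    entry[:user]
  end

  # Logout destroys the session, so a captured token stops working.
  def destroy(token)
    !@sessions.delete(digest(token.to_s)).nil?
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

# Mean number of uniformly random guesses needed to hit any of `live`
# valid IDs in a space of 2**bits (mean of a geometric distribution).
def expected_guesses(bits, live: 1)
  (2**bits) / live
end
```

`expected_guesses` makes the length argument concrete: a 16-bit ID falls after about 65,536 guesses on average, and every additional live session divides that figure further.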