Hi, we have recently upgraded a site to 9.2.2.178 in an effort to close a potential security issue we were made aware of by our security company. However, in a scan of our site yesterday, they're suggesting the issue still exists.
Can someone please confirm if we need to do anything about the following? Please note, this site is an upgrade from 8.0.0 or earlier; however, I've checked the Telerik versions in use and they're the same as sites running clean installs of DNN 9.1+ from what I can see:
The security report noted:
4.1. Telerik UI Component Cryptographic Security Bypass
Risk medium
Severity high
Likelihood minor
Technical Details
The vulnerability scanning detected the existence of a Telerik UI Component that may be vulnerable to a security issue that can be exploited to disclose server encryption keys.
Telerik.Web.UI.dll in fails to properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
Knowledge of these keys in web applications using Telerik UI for ASP.NET AJAX components can lead to:
▪ cross-site-scripting (XSS) attacks
▪ leaking of MachineKey
▪ compromise of the ASP.NET ViewState
▪ arbitrary file uploads/downloads
The component was detected via the following URL, however the web.config server configuration file should be reviewed to identify all locations of the Telerik controls.
http://www.domainname.co.nz/DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx?dp=/././
Consequence
It may be possible for a remote unauthenticated attacker to exploit a weakness in this component which will disclose encryption secrets. With knowledge of these secrets it is then possible to generate further valid requests which can be used to execute other attacks, including the possibility of arbitrary uploading and downloading of files.
Recommendation
To address this issue, Insomnia Security recommends the following:
▪ Ensure the appropriate patch update from Telerik has been applied.
https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness
As this issue was detected remotely, it is possible that this issue has already been patched. Insomnia Security should be notified of the status of this issue for clarification in future reports.
References
Telerik
▪ https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness
Exploit-DB
▪ https://www.exploit-db.com/exploits/43873/
Note: am I reading this wrong, and the issue lies with the old RadEditor, which should no longer be in use, vs the Telerik DLLs in the bin folder?
Any help is appreciated.
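The report asks for web.config to be reviewed to identify all locations of the Telerik controls. The following is an added example, not part of the original post or of DNN or Telerik code: it lists every element in a web.config that references Telerik and reports whether the Telerik.Web.UI.DialogParametersEncryptionKey setting named in the report is present in appSettings. The sample config is constructed, the function name is hypothetical, and the result does not by itself show whether the DLL in the bin folder is patched.

```python
import xml.etree.ElementTree as ET

KEY_NAME = "Telerik.Web.UI.DialogParametersEncryptionKey"  # setting named in the report

# Constructed sample, not the poster's real web.config.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="SiteName" value="example" />
  </appSettings>
  <system.web>
    <httpHandlers>
      <add path="Telerik.Web.UI.DialogHandler.aspx" verb="*"
           type="Telerik.Web.UI.DialogHandler" validate="false" />
    </httpHandlers>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="Telerik_Web_UI_WebResource_axd" verb="*"
           path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" />
    </handlers>
  </system.webServer>
</configuration>"""


def audit_web_config(xml_text):
    """Return Telerik registrations and whether the dialog key is configured."""
    root = ET.fromstring(xml_text)
    refs = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        values = " ".join(node.attrib.values())
        if "telerik" in values.lower():
            # Report the most useful attribute: handler path, then type, then key.
            target = next((node.attrib[a] for a in ("path", "type", "key") if a in node.attrib), "")
            refs.append((here, target))
        for child in node:
            walk(child, here)

    walk(root, "")
    key_set = any(
        add.attrib.get("key") == KEY_NAME and add.attrib.get("value", "").strip()
        for add in root.findall("./appSettings/add")
    )
    return {"telerik_refs": refs, "dialog_key_set": bool(key_set)}


if __name__ == "__main__":
    print(audit_web_config(SAMPLE_WEB_CONFIG))
```

Run it against each web.config on the server (site root and any under DesktopModules) and compare the listed handlers with the URL the scanner flagged.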