A large number of major organizations have been affected by an authentication bypass in Adobe Experience Manager (AEM), security firm Detectify has warned. Researchers Ai Ho and Bao Bui of the Detectify Crowdsource community discovered the bypass. Attackers could potentially have exploited it to gain access to the CRX Package Manager, which handles package management on an AEM installation.

The company stated that by bypassing authentication in Dispatcher, Adobe Experience Manager's caching and/or load-balancing tool, the CRX Package Manager becomes easily accessible. The company also explained the Dispatcher's purpose: it checks a user's access permissions before serving cached pages and ensures that requests are routed to the correct part of the installation. They added that the bypass is possible when special characters are added to the request.
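The Dispatcher decides which request paths reach the AEM instance through the filter section of its configuration file (dispatcher.any). The following is an added illustration, not a configuration from the article, Detectify or Adobe: a minimal deny-by-default filter that allows only the public content paths and explicitly denies the CRX console. The rule numbers and the allowed content paths are assumptions for the example.

```text
/filter
  {
  # Deny everything by default, then allow only what the public site needs
  /0001 { /type "deny"  /url "*" }
  /0002 { /type "allow" /url "/content/*" }
  /0003 { /type "allow" /url "/etc.clientlibs/*" }
  # Explicit deny for the CRX console and package manager. Filter rules are
  # evaluated in order and the last matching rule wins, so this must come
  # after any broad allow rule that could otherwise cover it.
  /0100 { /type "deny"  /url "/crx/*" }
  }
```

The article's point is precisely that a path-based filter like this can be slipped past when special characters change how the Dispatcher and AEM interpret the same request, so the filter should be treated as one layer: the CRX console should additionally be unreachable from the internet at the network level, and access logs should be reviewed for requests that resolve to it.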

Ultimately, once an attacker has access to the CRX Package Manager, they can upload a malicious package and use it to execute arbitrary code and gain access to sensitive applications.

Detectify Crowdsource reported that, within current enterprise environments, it has seen over 30 instances of the AEM CRX bypass. To mitigate the issue, it advised that public access to the CRX console be blocked.

The list of impacted organizations has started to surface and includes McAfee, LinkedIn, Sony's PlayStation, and MasterCard. Some of the affected parties, such as MasterCard and PlayStation, were reportedly notified of the incident.
