
VMware has officially issued a security advisory disclosing an authentication bypass vulnerability in Spring Security (CVE-2022-22978). The Hillstone sBDS Solution supports detection of attempts to exploit this vulnerability.

Introduction

VMware has officially issued a security advisory disclosing an authentication bypass vulnerability, CVE-2022-22978. It affects specific versions of Spring Security, the authentication and access-control framework of the Spring family.

Vulnerability

RegexRequestMatcher lets developers express which request paths a security rule applies to as a regular expression, and the dot (.) is the usual wildcard in such patterns, whether for fuzzy matching or simply for a rule that should cover everything below a given path. In Java regular expressions, however, a dot does not match line terminators (such as a line feed or carriage return) unless the pattern is compiled with the DOTALL flag. It was recently discovered that, on some servlet containers, an attacker can send a crafted request whose URI carries an encoded line terminator (for example %0a or %0d). The container still routes the request to the protected resource, but a RegexRequestMatcher pattern that relies on the dot no longer matches the path, so the corresponding authorization rule is not applied and authentication is bypassed.

Affected Version

Spring Security 5.5.x < 5.5.7

Spring Security 5.6.x < 5.6.4

Older, unsupported versions are also affected.

Remediation

The vendor has released patches, and we recommend that users update Spring Security 5.5.x to 5.5.7 and Spring Security 5.6.x to 5.6.4. Please visit:

https://github.com/spring-projects/spring-security/releases/tag/5.5.7

https://github.com/spring-projects/spring-security/releases/tag/5.6.4

The fixed versions compile RegexRequestMatcher patterns so that the dot also matches line terminators. Where an immediate upgrade is not possible, avoid depending on the dot in RegexRequestMatcher patterns (for example, prefix the pattern with the (?s) embedded flag, which enables DOTALL, or use an explicit character class), or express the rule with AntPathRequestMatcher or MvcRequestMatcher instead. In every case, verify that requests whose URI contains an encoded line terminator are still treated as protected.
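The following added example (written for this page, not code from Spring Security or from Hillstone) models the behaviour described in the Vulnerability section and the workaround described above: a protected-path rule written with a dot, a request whose URI carries an encoded line feed, and the same rule evaluated with and without DOTALL. Python is used because its regex engine treats the dot the same way Java's does for the line feed (Java additionally excludes the carriage return and a few Unicode terminators, so in Java %0d works as well; Python's dot does match a carriage return, which is why the example uses %0a). The pattern, the URIs, the log lines and the detection regex are all constructed for illustration; the log scan is an illustrative check, not a Hillstone signature.

```python
import re
from urllib.parse import unquote

# Hypothetical rule, as a developer might write it with RegexRequestMatcher:
# everything under /admin/ requires an authenticated user.
PROTECTED_PATTERN = r"/admin/.*"


def matches(pattern: str, path: str, dotall: bool) -> bool:
    """Model of RegexRequestMatcher: the whole request path must match the pattern.

    Java's Pattern.matcher(path).matches() is a full match, so Python's fullmatch is
    the equivalent. Without DOTALL, the dot matches no line feed in either engine;
    compiling with DOTALL is what the fixed Spring Security versions do.
    """
    flags = re.DOTALL if dotall else 0
    return re.compile(pattern, flags).fullmatch(path) is not None


def request_path(raw_uri: str) -> str:
    """Stand-in for the servlet container decoding the URI: %0a becomes a line feed."""
    return unquote(raw_uri)


def is_authorized(raw_uri: str, authenticated: bool, dotall: bool) -> bool:
    """Decision of a filter chain that protects PROTECTED_PATTERN and permits everything else."""
    if matches(PROTECTED_PATTERN, request_path(raw_uri), dotall):
        return authenticated
    return True  # not recognised as protected, so the permit-all fallback applies


# Detection side (constructed for this example): an encoded or raw line terminator
# inside a request URI has no legitimate use and is the hallmark of this bypass.
LINE_TERMINATOR = re.compile(r"%0[ad]|[\r\n]", re.IGNORECASE)


def suspicious_uri(raw_uri: str) -> bool:
    """True if the raw (still percent-encoded) URI carries a line terminator."""
    return LINE_TERMINATOR.search(raw_uri) is not None


def flag_requests(access_log_lines):
    """Return the request targets of log lines whose URI carries a line terminator."""
    flagged = []
    for line in access_log_lines:
        # Common Log Format request field: "METHOD /path HTTP/x.y"
        m = re.search(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/', line)
        if m and suspicious_uri(m.group(1)):
            flagged.append(m.group(1))
    return flagged


# Constructed sample access-log lines (not real traffic)
SAMPLE_LOG = [
    '10.0.0.5 - - [20/May/2022:10:00:01 +0000] "GET /admin/users HTTP/1.1" 302 0',
    '10.0.0.9 - - [20/May/2022:10:00:07 +0000] "GET /admin/%0ausers HTTP/1.1" 200 812',
    '10.0.0.9 - - [20/May/2022:10:00:09 +0000] "GET /admin/%0Dusers HTTP/1.1" 200 812',
    '10.0.0.7 - - [20/May/2022:10:00:12 +0000] "GET /public/index HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for uri in ("/admin/users", "/admin/%0ausers"):
        for dotall in (False, True):
            allowed = is_authorized(uri, authenticated=False, dotall=dotall)
            print(f"{uri:18} dotall={str(dotall):5} anonymous allowed: {allowed}")
    print("flagged:", flag_requests(SAMPLE_LOG))
```

Run as is, the vulnerable configuration lets the anonymous request for /admin/%0ausers through while /admin/users is blocked; with DOTALL both are blocked. The log scan flags the two URIs carrying %0a and %0D, which is the kind of request an IDS rule for this CVE would alert on.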

Detection

The Hillstone sBDS Solution supports detection of attempts to exploit this vulnerability.

Figure 1. Authentication bypass vulnerability detected by Hillstone IDS

The hotspot intelligence of this vulnerability is available on Hillstone iSource as well.

Figure 2. Hotspot intelligence on Hillstone iSource
