Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label XS-Leak. Show all posts

OpenSea NFT Market Users' Identities Were Exposed via a Bug

In 2022, OpenSea had more than 1 million members who had registered and more than 121 million people visited the website each month. Because of this, OpenSea is not only the biggest NFT market but also a highly attractive target for cybercriminals. Any platform flaw could present a chance for criminal activity and result in catastrophe for gullible consumers.

The cross-site search vulnerability, which a hacker can use to gain user identities, was made possible by a misconfiguration.

According to the report, OpenSea has subsequently issued a patch to address the problem. In order to reduce the possibility of additional exploitation, the patch limits cross-origin communication. The vulnerability no longer exists, according to the cyber security company's analysis of the remedy.

Web applications which use query-based search systems are vulnerable to cross-site search. By submitting queries and looking for variations in the search system's behavior when it returns or doesn't, it enables an attacker to retrieve sensitive data from another origin.

After confirming that the fundamental exploit strategies were effective, researchers started looking at OpenSea's search feature. ElasticSearch was referenced by the company in one of their job listings, therefore this is probably the engine they utilize for their search function. 

With the help of ElasticSearch, you can swiftly search through and analyze huge amounts of data. ElasticSearch's capacity to normalize language via language-specific analyzers and stemmers is one of its important features.

The $13.3 billion market's use of the incorrectly configured iFrame-resizer library is the root of the problem. Cross-site search vulnerability occurs when this library is used in environments where cross-origin communication is unrestricted. This problem resulted from OpenSea's lack of restrictions.

Misconfiguration permits the existence of this bug and user identity exposure. Given that the NFT ecosystem is solely predicated on anonymity, this kind of weakness might have major financial repercussions for OpenSea because, if exploited, the attacker could conduct phishing assaults. They could also keep tabs on those who made the most expensive NFT purchases.

Immediately after the vulnerability was made public, OpenSea patched it by limiting cross-origin communication. This reduced the vulnerability's potential for further exploitation. In order to stop the exploitation of these platforms, it is crucial to be constantly on the lookout for inherent faults and vulnerabilities.


New Method to Perform XS-Leak Side Channel Attacks Disclosed

 

Luan Herrera, a cybersecurity expert committed to vulnerability reporting, detailed another approach to performing a side-channel assault variant known as XS-Leak abusing redirect hops to trigger a cross-site leak condition. Herrera's research centers around the XS-Leaks group of side-channel assaults, equipped for abusing a browser to extricate conceivably sensitive data into the exposed system, including administrator credentials. XS-Leak assault strategies depend on measuring network reaction time to gather information about site visitors by abusing communication channels that permit sites to communicate with one another to recreate a client's or system's profile. 

The documents mention a "novel technique" for abusing a limitation in the Fetch specification, a way that permits sites to call resources: “A limit of 20 redirect hops is set before a network error message appears; because of this limit, threat actors could count the number of redirect hops that occur in a cross-origin redirect by activating the redirect before reaching the victim’s endpoint, measuring network responses, and partially exposing the size of the URL list,” the report says. 

The expert additionally detailed a few different ways to detect and forestall these cross-redirects that can prompt a side-channel assault, including the utilization of SameSite cookies, COOP and frame protections. Google is likewise aware of this issue, so measures such as confining some chrome-accessible websites have just been announced to reduce the amount of data exposed in a potential side-channel assault. 

Herrera concurs that this assault can be forestalled in the same way that similar assault variations are forestalled, although he believes that a holistic perspective on the issue is required: “A comprehensive view of the problem is still being discussed on GitHub about whether it is possible to change the Fetch specification and the limit value in order to prevent the appearance of these attack variants,” adds the researcher. 

The report also incorporates the results of a challenge to deploy an XSS assault utilizing JavaScript code. A Google security expert known as "terjanq" also directed an investigation concerning the XS-Leak family of assaults, describing the launch of a cache polling assault against a small group of Google products, which could deploy a leak of sensitive data.