CVE-2021-22941 – May be it is not related, or else was getting the User Enumeration incident waiting to happen (17-09-2021)

Preface: With storage zones controllers, the ShareFile Software-as-a-Service (SaaS) cloud storage also offers private storage for ShareFile data, which is known as storage zones.

What is the difference between Dropbox and ShareFile?
The goal of ShareFile is to help your team easily share, sync and store large files from any device without compromising important data. And unlike Dropbox, ShareFile provides the security, visibility and access your business needs from a single cloud-based dashboard.

Background: What is user enumeration?

User enumeration allows attackers to conduct dictionary attacks against systems and reveals information about who has access to them.

Since below services are commonly accessible from the Internet, and often use the organisation’s internal Active Directory (AD) for authentication, this creates a situation where an attacker on the Internet can easily identify usernames from an internal Windows domain.

  • Office 365 ActiveSync
  • Active Directory Federated Services (ADFS) single sign-on

Without a user enumeration flaw to receive a list of users, these attacks become difficult. Attacker make use of nmap in common way (e.g. $ nmap -p139,445 –script smb-enum-users )

Additional: Other than that, CVE-2021-22941 is the hottest matter this week . A security issue has been identified in Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller. The official announcement can be find in this link – https://support.citrix.com/article/CTX328123

Ref: The flaws (user enumeration) have been exposing internal corporate networks to attacks for years, yet are undetected by leading vulnerability scanners.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.