
Bitsight Discovers Open-Source Backdoor Affecting Millions

A hidden backdoor in an open-source component puts millions at risk. Plus, a known vulnerability lingers in Ivanti Cloud Appliances.



Bitsight's Vulnerability Research team has uncovered a significant security threat: a backdoor in an open-source component called 'csrf-magic'. The finding shows why software vendors need disciplined open-source dependency management, and why researchers sometimes have to dig past a vulnerability's published description to its root cause before they can detect it reliably.

The backdoor checks for a specific cookie structure in the request header and, when it is present, responds in a predetermined format. Because the backdoored copy of the library was bundled into multiple popular software packages, the exposure reaches millions of users and cloud environments. The Bitsight team stresses that software vendors must keep track of the open-source code they ship, including transitive and vendored copies, to mitigate risks like this one.

The team developed a non-intrusive detection mechanism for the backdoor: a single GET request carrying the cookie structure the backdoor keys on, whose response shows whether the component is present without running anything harmful on the target. Their scans identified 1748 Ivanti Cloud Appliances, 41 of which were still vulnerable to CVE-2021-44529, a code injection issue in Ivanti Endpoint Manager's Cloud Services Appliance, even after that CVE had been added to CISA's Known Exploited Vulnerabilities catalog. Because the appliance's software version could not be fingerprinted remotely, the team keyed detection on the vulnerability's behavior rather than on a version string.
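As an added illustration of a behavior-based, non-intrusive check like the one described above (this is example code, not Bitsight's scanner; the cookie layout and response marker are assumptions, because the page does not give the real ones), the Python below probes a host twice and compares the two responses. It also runs the probe against two constructed local servers, one clean and one simulating the backdoor, so it runs offline.

```python
"""Behavior-based, non-intrusive probe for a cookie-triggered backdoor.

The target is probed twice: once without any cookie (baseline) and once with
the cookie structure the backdoor keys on. A host is flagged only when the
second response carries the backdoor's predetermined marker *and* differs
from the baseline. No version fingerprinting is needed, and servers that
merely echo request headers do not produce false positives.
"""
import http.server
import threading
import urllib.request

# Hypothetical values: the page does not give the real cookie layout or the
# real response format, so these stand in for them.
PROBE_COOKIE = "csrf_probe=7f3a2c"          # assumed trigger cookie
EXPECTED_MARKER = b"PROBE-ACK:7f3a2c"        # assumed predetermined reply


def fetch(url, cookie=None, timeout=5):
    """GET `url`, optionally with a Cookie header; return (status, body)."""
    req = urllib.request.Request(url, method="GET")
    if cookie is not None:
        req.add_header("Cookie", cookie)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()


def looks_backdoored(url):
    """True when the host answers the probe cookie in the predetermined format."""
    _, baseline = fetch(url)
    _, probed = fetch(url, cookie=PROBE_COOKIE)
    return EXPECTED_MARKER in probed and probed != baseline


# --- constructed test doubles standing in for real appliances ---------------
class CleanHandler(http.server.BaseHTTPRequestHandler):
    """Serves the same page regardless of cookies (no backdoor)."""

    def do_GET(self):
        self.reply(b"<html><body>login page</body></html>")

    def reply(self, body):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class BackdooredHandler(CleanHandler):
    """Same page, except the trigger cookie flips it into the marker response."""

    def do_GET(self):
        if PROBE_COOKIE in self.headers.get("Cookie", ""):
            self.reply(EXPECTED_MARKER)
        else:
            super().do_GET()


def serve(handler):
    """Start a local server on an ephemeral port; return (server, base_url)."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/"


def scan_demo():
    """Probe one clean and one backdoored local server; return {label: flagged}."""
    results = {}
    for label, handler in (("clean", CleanHandler), ("backdoored", BackdooredHandler)):
        srv, url = serve(handler)
        try:
            results[label] = looks_backdoored(url)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for label, flagged in scan_demo().items():
        print(f"{label:11s} -> {'FLAGGED' if flagged else 'ok'}")
```

Run it directly to see the simulated backdoored host flagged and the clean one pass; point `looks_backdoored` at a real URL only with authorization. The baseline comparison is what keeps the check honest: a host that echoes request headers would contain the cookie string but not the marker, and a host that serves identical content to both requests is never flagged.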

Bitsight's research underscores the importance of continuous vulnerability assessment and responsible open-source dependency management. The backdoor in 'csrf-magic' and the persistence of CVE-2021-44529 in Ivanti Cloud Appliances are both reminders that organizations need to keep inventorying what they run and verifying, by behavior where version data is unavailable, that known issues have actually been fixed.
