ATTACK [PTsecurity] Zabbix v5.4.x SSO/SALM Auth Bypass RCE (CVE-2022-23131)

SID: 10007101Rev: 12 views

Sourceptresearch/attackdetection

CreatedMarch 30, 2022

UpdatedMarch 30, 2022

Classificationattempted-admin

alert http any any -> any any (msg:"ATTACK [PTsecurity] Zabbix v5.4.x SSO/SALM Auth Bypass RCE (CVE-2022-23131)"; flow:established, to_server; content:"/index_sso.php"; http_uri; content:"zbx_session="; http_cookie; base64_decode:relative; base64_data; content:"saml_data"; content:"username_attribute"; distance:0; pcre:"/^(?:(?!.*sessionid)|(?!.*sign)|(?!.*session_index))/"; reference:url, blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage; reference:url, github.com/ptresearch/AttackDetection; reference:cve, 2022-23131; classtype:attempted-admin; sid:10007101; rev:1;)

References

url	blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
url	github.com/ptresearch/AttackDetection
cve	2022-23131

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!