{"id":1782,"date":"2022-01-27T17:16:42","date_gmt":"2022-01-27T22:16:42","guid":{"rendered":"https:\/\/ardent-security.com\/?page_id=1782"},"modified":"2022-01-27T17:16:45","modified_gmt":"2022-01-27T22:16:45","slug":"asa-2021-04","status":"publish","type":"page","link":"https:\/\/ardent-security.com\/en\/advisory\/asa-2021-04\/","title":{"rendered":"ASA-2021-04"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;Why Ardent-header&#8221; module_class=&#8221;home-head why-ardent-head&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; background_image=&#8221;https:\/\/ardent-security.com\/\/wp-content\/uploads\/2021\/02\/Why-Ardent-Background.svg&#8221; background_position=&#8221;top_center&#8221; collapsed=&#8221;off&#8221;][et_pb_row column_structure=&#8221;1_2,1_2&#8243; module_class=&#8221;all-services&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_text admin_label=&#8221;Our Story&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;]<\/p>\n<p style=\"text-align: left;\">Ardent Security Advisory<\/p>\n<p>[\/et_pb_text][et_pb_text admin_label=&#8221;Amplify&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;|34px||||&#8221;]<\/p>\n<h3 style=\"text-align: left;\">Ardent Security regularly identifies zero-day vulnerabilities and exploits in various products. We believe in responsible disclosure.<\/h3>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_image src=&#8221;https:\/\/ardent-security.com\/\/wp-content\/uploads\/2021\/02\/About-Us-Image-Top.png&#8221; title_text=&#8221;About Us Image Top&#8221; align=&#8221;right&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;Social responsibility&#8221; module_class=&#8221;third-sec social-responsibility&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; background_enable_color=&#8221;off&#8221; collapsed=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;|343px||||&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_text _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;]<\/p>\n<p><span>#####################################################################################<\/span><\/p>\n<p><span>#<\/span><\/p>\n<p><span># Ardent Security Advisory<\/span><\/p>\n<p><span># Original Disclosure: https:\/\/www.ardent-security.com\/advisory\/ASA-2021-04\/ASA-2021-04_CVE-2021-29396.txt<\/span><\/p>\n<p><span>#<\/span><\/p>\n<p><span>#####################################################################################<\/span><\/p>\n<p><span>#<\/span><\/p>\n<p><span># Product:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 NorthStar Club Management 6.3<\/span><\/p>\n<p><span># Vendor:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Northstar Technologies Inc<\/span><\/p>\n<p><span># URL:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 https:\/\/www.globalnorthstar.com\/<\/span><\/p>\n<p><span># ASA ID:\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ASA-2021-04<\/span><\/p>\n<p><span># CVE ID:\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2021-29396<\/span><\/p>\n<p><span>#CWE ID: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CWE-287 &#8211; Improper Authentication<\/span><\/p>\n<p><span># Subject:\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Authentication Bypass via Systemic Lack of Proper Authentication<\/span><\/p>\n<p><span># Severity: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 High<\/span><\/p>\n<p><span># Author:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Alexandre LaRocque, CEO &lt;alarocque@ardent-security.com&gt;<\/span><\/p>\n<p><span># Date:\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2022-01-27<\/span><\/p>\n<p><span>#<\/span><\/p>\n<p><span>#####################################################################################<\/span><\/p>\n<p><strong><span>Description:<\/span><\/strong><\/p>\n<p><span>The NorthStar Club Management 6.3 has a systemic lack of proper authentication. It fails to protect many high-privilege functionalities that do not require user authentication to be accessed. This vulnerability was identified by Ardent Security experts while performing penetration testing in Toronto, Canada. <\/span><\/p>\n<p><span>The following list is only a small subset of many more pages and resources that are not protected by authentication by the NorthStar application and that can be accessed by an attacker without authentication (no credentials needed):<\/span><\/p>\n<ul>\n<li><span>\/Common\/NorthFileManager\/fileManager.jsp<\/span><\/li>\n<li><span>\/filemanager\/download.jsp<\/span><\/li>\n<li><span>\/Common\/NorthFileManager\/fileManagerObjects.jsp<\/span><\/li>\n<li><span>\/Admin\/monitor\/CommandExecution\/comoutput.jsp<\/span><\/li>\n<li><span>\/UserFiles\/*anyfile*<\/span><\/li>\n<\/ul>\n<p><span>\u00a0<\/span><strong><span>Technical Description:<\/span><\/strong><\/p>\n<p><span>Due to the dominant market share of the product, no proof-of-concept code is provided.<\/span><\/p>\n<p><strong><span>Affected version(s):<\/span><\/strong><\/p>\n<p><span>Only NorthStar Club Management 6.3 was tested. Older versions could be vulnerable. <\/span><\/p>\n<p><strong><span>Workaround \/ Fix:<\/span><\/strong><\/p>\n<p><span>It is unknown if this vulnerability has been fixed by the vendor.<\/span><\/p>\n<p><strong><span>Vulnerability Severity:<\/span><\/strong><\/p>\n<p><span>CVSS v3.1 Metrics [2]:<\/span><\/p>\n<p><span>&#8211; CVSS Base Score: 10 (High)<\/span><\/p>\n<p><span>&#8211; CVSS Vector: AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:H<\/span><\/p>\n<p><strong><span>Timeline:<\/span><\/strong><\/p>\n<p><span>2021-03-18: Vulnerability discovery<\/span><\/p>\n<p><span>2021-03-27: Contacted vendor about the vulnerability<\/span><\/p>\n<p><span>2021-03-27: Vendor was given a 90-days period<\/span><\/p>\n<p><span>2021-06-27: Vendor was given an additional\u00a0 90-days period<\/span><\/p>\n<p><span>2021-09-27: Vendor was given an additional\u00a0 90-days period<\/span><\/p>\n<p><span>2022-01-26: Public disclosure<\/span><\/p>\n<p><strong><span>Reference:<\/span><\/strong><\/p>\n<p><span>[1] https:\/\/www.ardent-security.com\/advisory\/ASA-2021-04<\/span><\/p>\n<p><span>[2] https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator?vector=AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:H&amp;version=3.1<\/span><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;Why Ardent-header&#8221; module_class=&#8221;home-head why-ardent-head&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; background_image=&#8221;https:\/\/ardent-security.com\/\/wp-content\/uploads\/2021\/02\/Why-Ardent-Background.svg&#8221; background_position=&#8221;top_center&#8221; collapsed=&#8221;off&#8221;][et_pb_row column_structure=&#8221;1_2,1_2&#8243; module_class=&#8221;all-services&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_text admin_label=&#8221;Our Story&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;] Ardent Security Advisory [\/et_pb_text][et_pb_text admin_label=&#8221;Amplify&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;|34px||||&#8221;] Ardent Security regularly identifies zero-day vulnerabilities and exploits in various products. We believe in responsible disclosure. [\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_image src=&#8221;https:\/\/ardent-security.com\/\/wp-content\/uploads\/2021\/02\/About-Us-Image-Top.png&#8221; title_text=&#8221;About Us Image Top&#8221; [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":1746,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"class_list":["post-1782","page","type-page","status-publish","hentry"],"rttpg_featured_image_url":null,"rttpg_author":{"display_name":"Ardent Security","author_link":"https:\/\/ardent-security.com\/en\/author\/ardentsecurity\/"},"rttpg_comment":0,"rttpg_category":null,"rttpg_excerpt":"[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;Why Ardent-header&#8221; module_class=&#8221;home-head why-ardent-head&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; background_image=&#8221;https:\/\/ardent-security.com\/\/wp-content\/uploads\/2021\/02\/Why-Ardent-Background.svg&#8221; background_position=&#8221;top_center&#8221; collapsed=&#8221;off&#8221;][et_pb_row column_structure=&#8221;1_2,1_2&#8243; module_class=&#8221;all-services&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_text admin_label=&#8221;Our Story&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;] Ardent Security Advisory [\/et_pb_text][et_pb_text admin_label=&#8221;Amplify&#8221; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;|34px||||&#8221;] Ardent Security regularly identifies zero-day vulnerabilities and exploits in various products. We believe in responsible disclosure. [\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.3&#8243; _module_preset=&#8221;default&#8221;][et_pb_image src=&#8221;https:\/\/ardent-security.com\/\/wp-content\/uploads\/2021\/02\/About-Us-Image-Top.png&#8221; title_text=&#8221;About Us Image Top&#8221;&hellip;","_links":{"self":[{"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/pages\/1782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/comments?post=1782"}],"version-history":[{"count":0,"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/pages\/1782\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/pages\/1746"}],"wp:attachment":[{"href":"https:\/\/ardent-security.com\/en\/wp-json\/wp\/v2\/media?parent=1782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}