July 20, 2018
Reprise Software has declined to patch a weakness in its Reprise License Manager (RTM) which has been labeled by SpiderLabs at Trustwave.
Found by safety expert, Adrian Pruteanu, the problem comes about by running on the non-standard port 5054 where by default RLM’s web server doesn’t need verification. Attackers can identify a random license file on the server to read and change which might lead to information leak or distant code execution through upload of malware.
Pruteanu said: “In a fresh penetration arrangement, I came across a particularly exciting web application known as RLM, operating on the non-standard port 5054. This obviously caught my eye. After a bit of meddling around, I was able to pinpoint a serious weakness which permitted me to perform code on the server, ultimately resulting in a complete domain compromise.
“Unfortunately, in spite of my best efforts, the seller has declined to deliver patches as they don’t believe these discoveries to be weaknesses,” he continued.
In its reaction to Trustwave, Reprise wrote: “We inform end users not to operate the RLM server – which implements the web server – in privileged mode. There is no cause it requires to run with raised privileges. The authorization and alternatives file editors in the web interface are no longer risky than WordPad or Notepad.”
The weakness was marked to Reprise on May 16, 2018 with the seller stopping communication on May 29.
“Safety holes are seldom made up of secluded weaknesses,” said Eerke Boiten, lecturer of cybersecurity, De Montfort University, Leicester. “In this instance, it seems to be an administrative web interface that does not conform correctly, joined with a server running with very high privileges and one or more anonymous weaknesses that permit this to be abused to the level of complete code implementation.
“Sensible behavior would be to repair each element of this, not to only modify the user manual to make sure that anybody who has a fresh copy of it will not make a hazardous mistake.”