A security researcher from Israel says his group of security researchers discovered a hidden backdoor to the popular security software access control magazine.
In a video posted to Twitter and LinkedIn, Hana Elahi says they discovered a “man in the middle” attack that is able to hijack a website’s access control.
And that was it.
There was no authentication.”
“It’s pretty simple,” Elaha said.
“We just need to extract the URL from the HTML file, and it’s basically this simple.
It’s a simple way to extract a security vulnerability and use it to hijak a website.”
In the video, Elahi also points out that it’s a very small piece of code.
“The exploit itself is actually only 0.03 KB.
But the trick is that the code only needs to be executed once,” Elhais said.”
In other words, it’s just one line of code and we can execute it again and again without a single change.”
He added, “There’s no indication that it would be exploitable by a normal user, because it only executes once, and the only change we make is changing the URL.”
In addition to his work on security, Elaha is also a member of the Israel Security Research Team.
In addition to writing security reports for the country’s security agencies, Elhaisi is also the author of an upcoming security research paper.
“This is a great vulnerability because it shows how to bypass a security hole and a vulnerability in the software we use,” he said.
The researchers said they found the vulnerability in a security sandbox that uses a version of the Apache web server, which is the web server used by many web developers.
Elahi said the researchers discovered the vulnerability after they analyzed a security tool for Apache, and that it was not present in any other versions of the web service.
He said that if a website owner wants to get a fix for the vulnerability, they should use the Google Chrome extension “Browser Security Update.”