Unauthenticated Remote Code Execution and Path Traversal in LABBIS BONUS Software

General Overview BONUS is a software solution for payroll and time management, offered to businesses by LABBIS as a part of their paid services. An insecure method call mechanism without proper authorization checks was discovered in version of the software. This vulnerability allows unauthenticated attackers to call arbitrary methods from the LABBIS .NET assemblies. […]

Revealing the Identity of Mark Sign Users

MarkSign is a solution that provides functionality of signing documents electronically. The vendor as part of its ecosystem provides “Mark Sign Software” (v1.1.0) package for Windows that enables use of USB Token or Smart Card based devices. Vulnerability in this software package enables a malicious third-party to deanonymize unsuspecting user over the WEB by means […]

Extraction of Personally Identifiable Information via eParaksts signing extension

Due to the vulnerability in the “eParaksts signing extension” (v1.1.5) it is possible to extract public certificates of Latvian electronic identity card (eID) users. This can be done by embedding a malicious JavaScript code to a website. For the attack to be successful, the victim must visit the web page hosting the malicious JavaScript code […]

How to (Correctly) Protect Fintech Apps for Android with Biometric Authentication

During numerous mobile app security assessments we faced fintech apps for Android, that had an option to protect user data with biometric authentication, but failed to implement it in a secure way leading to authentication bypass. Although the security risk is very low due to attack-specific prerequisites, such as acquiring physical access to a mobile […]

WE.LOCK: Unlocking Smart Locks with Web Vulnerabilities

WE.LOCK is a smart home access solution provider that manufactures and sells smart locks. WE.LOCK smart locks can be unlocked using a fingerprint, access codes, RFID tags, a smartphone app via Bluetooth (BLE) or the physical key supplied with a lock. In this article we are focusing on a smartphone app for Android, a mobile […]

IBM Spectrum Protect: Exploiting Legacy Authentication Protocol

We want to share details of a little-known attack vector that we have successfully exploited during numerous security audits. IBM Spectrum Protect is a backup solution that provides data protection for virtual, physical and cloud environments. The solution is based on a client-server architecture. IBM Spectrum Protect client nodes, administrative clients, and servers communicate using […]

Paradox (In)Security Systems: IP150 Internet Module Hijacking

Paradox Security Systems is a Canadian company manufacturing alarm systems and various security devices since 1989. One of their most popular family of products are the IP150 internet modules. They are used with their SP, MG and EVO series security alarm panels to enable control and monitoring of the security alarms over the Internet. In […]

Deanonymization Of Lithuanian E-Signature Users

In 2020, remote work and digital access to public services have become the new normal. Lithuanian citizens have multiple options for accessing different public services and signing documents online. In this article, we will discuss user privacy issues that our team has recently discovered in two independent e-signature solutions, which have been fixed by now. […]

About Us

© 2024 Critical Security