SECURITYVULNS:DOC:14090
Aug 30, 2006 - 12:00 a.m.

Vulnerability: ModernBill Insecure CURL Settings


#################################################################

Vulnerability discovered by: Justin Samuel (www.justinsamuel.com)
Discovery Date: 2006-07-11
Severity: Less Critical
Impact: Exposure of sensitive information

Product: ModernBill
Affected Versions: 5.0.1
Vendor: ModernGigabyte, LLC (www.moderngigabyte.com)
Product Link: http://www.modernbill.com/

#################################################################

Update 2006-08-19:
Not fixed as of 5.0.4, despite vendor knowledge of the issue since 2006-07-12.

#################################################################

Vulnerability Description:

ModernBill’s CURL (a.k.a. cURL, curl) communication with credit card processing gateways is configured so that CURL accepts any invalid SSL certificate presented by the host it is communicating with.

Specifically, the following have been set to FALSE for CURL communication:

CURLOPT_SSL_VERIFYPEER
CURLOPT_SSL_VERIFYHOST

The CURLOPT_SSL_VERIFYPEER setting of FALSE stops CURL from verifying the peer’s certificate.

The CURLOPT_SSL_VERIFYHOST setting of FALSE stops CURL from checking the existence of a common name in the peer’s SSL certificate.

#################################################################

Vulnerability Verification:

To check the CURL settings in use by ModernBill:

1) Install ModernBill.

2) Set up a payment processor.

3) In the file lib-modernbill/include/config/debug.php, change
define("DEBUG", 0);
to
define("DEBUG", 1);

4) Attempt to process a credit card through ModernBill’s Virtual Terminal and look for the following in the debug output of the page:

[constantsSetting] => Array
(
[CURLOPT_RETURNTRANSFER] => 1
[CURLOPT_SSL_VERIFYHOST] => 0
[CURLOPT_SSL_VERIFYPEER] => 0
[CURLOPT_TIMEOUT] => 3000
[CURLOPT_CONNECTTIMEOUT] => 50
[CURLOPT_VERBOSE] => 0
[CURLOPT_NOPROGRESS] => 1
[CURLOPT_FAILONERROR] => 0
)
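
A check for the debug output in step 4, added here as an example and not part of the original advisory or of ModernBill's code: it parses a print_r-style dump and reports when certificate or hostname verification is off. The sample dump is constructed from the shape shown above, the function names are hypothetical, and options missing from a dump are assumed to fall back to libcurl's defaults.

```python
import re

# Constructed sample: print_r-style debug dump in the shape shown in the advisory.
SAMPLE_DEBUG = """\
[constantsSetting] => Array
(
[CURLOPT_RETURNTRANSFER] => 1
[CURLOPT_SSL_VERIFYHOST] => 0
[CURLOPT_SSL_VERIFYPEER] => 0
[CURLOPT_TIMEOUT] => 3000
)
"""

# libcurl defaults, assumed to apply when an option is absent from the dump.
DEFAULTS = {"CURLOPT_SSL_VERIFYPEER": 1, "CURLOPT_SSL_VERIFYHOST": 2}
ENTRY = re.compile(r"^\s*\[(CURLOPT_[A-Z0-9_]+)\]\s*=>\s*(\S*)\s*$")


def parse_curl_options(dump):
    """Return {option: raw string value} from the [constantsSetting] array."""
    options, inside = {}, False
    for line in dump.splitlines():
        stripped = line.strip()
        if stripped.startswith("[constantsSetting] =>"):
            inside = True
        elif inside and stripped == ")":
            break  # end of the (flat) options array
        elif inside:
            m = ENTRY.match(line)
            if m:
                options[m.group(1)] = m.group(2)
    return options


def audit_tls_options(options):
    """Return one finding per TLS verification check that is not enforced."""
    def as_int(name):
        raw = options.get(name)
        if raw is None:
            return DEFAULTS[name]
        # print_r renders PHP false as an empty string, so treat "" as 0.
        return int(raw) if raw.lstrip("-").isdigit() else 0

    findings = []
    if as_int("CURLOPT_SSL_VERIFYPEER") == 0:
        findings.append("CURLOPT_SSL_VERIFYPEER is off: certificate chain not verified")
    if as_int("CURLOPT_SSL_VERIFYHOST") != 2:
        findings.append("CURLOPT_SSL_VERIFYHOST is not 2: certificate name not matched to host")
    return findings
```

Calling `audit_tls_options(parse_curl_options(SAMPLE_DEBUG))` on the sample returns both findings; an empty list means both checks are enforced.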

#################################################################

Exploit:

To exploit this vulnerability, an attacker would need to perform a Man-In-The-Middle (MITM) attack so as to receive the communication from ModernBill that was intended for the credit card processing gateway. This would include any variety of DNS attacks that would cause ModernBill to resolve the gateway’s hostname to the IP address of the attacker.

A successful attack would lead to the attacker having access to all credit card information that ModernBill attempts to process through the credit card processing gateway.

#################################################################

Solution:

Discontinue using ModernBill until they stop disabling fundamental security that is part of the SSL protocol.

#################################################################