Product and Support News

Mar 12

TDR AD Helper Credential Disclosure Vulnerability

Profile picture for user rarroyo

Good morning TDR Users, 

On 11 March 2020, a pen testing company, RedTeam PenTesting GMBH, disclosed a credential disclosure vulnerability in the AD Helper to exploit-db.com (link below). The disclosure states that by accessing the AD Helper web interface, a call to an API endpoint is made which responds with plaintext credentials to all configured domain controllers.

On 9 March 2020, WatchGuard released a fix for this vulnerability in AD Helper 5.8.5.10317. In this version, the offending REST endpoint no longer returns plaintext passwords. In addition, the service running the configuration UI will only be available locally through the loopback IP address (Localhost/127.0.0.1). This means that users must log in to the computer locally to access the AD Helper Configuration UI.

Please make sure your AD Helper is up to date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must update it manually. If your AD Helper cannot communicate with TDR or cannot auto-update, please follow the steps at: https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&SFDCID=kA10H000000g4mPSAQ

Additionally, if you are unable to update the AD Helper immediately, you can use firewall rules to minimize the exposure of the AD Helper to external networks, which would limit the scope of the vulnerability. While it is still a serious vulnerability, and you will want to patch quickly, most internet-based attackers should not be able to reach this web interface unless you allowed it via your firewall.

WatchGuard greatly appreciates members of the security community who find and responsibly disclose vulnerabilities in our products so that we can correct them and make our products as secure as possible. We thank RedTeam PenTesting GMBH for responsibly bringing this to our attention.

 

Sincerely,

The TDR PM Team

Exploit-DB Link: https://www.exploit-db.com/exploits/48203
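
The following is an added example, not WatchGuard code: a check an administrator could use to confirm the two remediation points in this notice, namely that the installed AD Helper version is at least 5.8.5.10317 and that the configuration UI listens only on the loopback address. The port number `UI_PORT` and the `netstat -ano` sample are constructed placeholders; substitute the port your AD Helper configuration UI actually uses.

```python
import ipaddress

FIXED_VERSION = (5, 8, 5, 10317)  # first fixed AD Helper build, per this notice
UI_PORT = 8080                    # ASSUMPTION: placeholder port, not from the notice

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       1010
  TCP    [::]:8080              [::]:0                 LISTENING       4312
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     2200
"""

def is_patched(version: str) -> bool:
    """Compare field by field as integers.

    A plain string comparison would rank "5.8.5.9999" above "5.8.5.10317".
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts >= FIXED_VERSION

def exposed_listeners(netstat_text: str, port: int) -> list[str]:
    """Return local sockets listening on `port` that are not bound to loopback."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: proto, local address, foreign address, state, PID
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if int(local_port) != port:
            continue
        # 0.0.0.0 and [::] mean "all interfaces", so they count as exposed.
        if not ipaddress.ip_address(host.strip("[]")).is_loopback:
            exposed.append(fields[1])
    return exposed

if __name__ == "__main__":
    for v in ("5.8.5.9999", "5.8.5.10317"):
        print(v, "patched" if is_patched(v) else "NEEDS UPDATE")
    for sock in exposed_listeners(SAMPLE_NETSTAT, UI_PORT):
        print("configuration UI reachable beyond loopback:", sock)
```

On a patched host, `exposed_listeners` should return an empty list for the configuration UI port, since the service is then bound to 127.0.0.1 only.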
