Logsign Unified SecOps Platform Vulnerabilities
Identification of multiple critical vulnerabilities in Logsign Unified SecOps Platform, including authentication bypass and remote code execution.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
The Logsign Unified SecOps Platform is widely used by security analysts and organizations to manage and control their cybersecurity operations through a unified interface. It provides real-time threat detection, investigation, and response functionalities. The platform allows for extensive data collection and analysis, making it valuable for incident management. With a focus on visibility and automation, it's deployed in enterprises where proactive cybersecurity management is essential. Security teams rely on Logsign to streamline their security workflows and centralize their operations.
This vulnerability allows remote attackers to bypass authentication by brute-forcing the password reset feature. It stems from inadequate rate limiting in the password reset process: an attacker can request a reset code for the admin account and then guess the code without restriction. Once the code is guessed, the attacker can reset the admin password and gain full control over the system.
The vulnerability resides in the password reset mechanism of the Logsign platform, specifically in the /api/settings/forgotpassword and /api/settings/verify_reset_code endpoints. There is no rate limit on the number of attempts a user can make when submitting a password reset request. Attackers can target the admin user by sending repeated requests until the correct reset code is brute-forced. Once the code is successfully guessed, they can reset the admin password and gain unauthorized access to the system. The issue primarily affects deployments without additional protections in place for password reset processes.
Exploiting this vulnerability can lead to a complete system compromise. Attackers could reset the administrator password, granting them full control over the platform, including the ability to execute arbitrary commands, access sensitive data, and manipulate security configurations. This could also allow them to disable critical security functions, causing long-term disruption.
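The protection the text describes as missing, as an added example (not Logsign's code and not part of this page): a reset-code store that gives each issued code a short lifetime and a fixed number of failed guesses, after which the code is invalidated, so the verify endpoint cannot be brute-forced. The 6-digit numeric code format, the attempt cap and the lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_FAILURES = 5         # assumption: failed guesses allowed per issued code
CODE_TTL_SECONDS = 600   # assumption: a code is valid for 10 minutes
CODE_DIGITS = 6          # assumption: numeric reset code


@dataclass
class ResetCode:
    code: str
    issued_at: float
    failures: int = 0


class ResetCodeStore:
    """Per-account reset codes with an attempt cap and expiry.

    With MAX_FAILURES guesses against a 6-digit code, an attacker's chance of
    success per issued code is MAX_FAILURES / 10**6, instead of certainty."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for testing expiry
        self._codes: dict[str, ResetCode] = {}

    def issue(self, username: str) -> str:
        # A new code replaces any earlier one, so requesting codes repeatedly
        # never gives an attacker more than one live code to guess against.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._codes[username] = ResetCode(code=code, issued_at=self._clock())
        return code

    def verify(self, username: str, guess: str) -> bool:
        entry = self._codes.get(username)
        if entry is None:
            return False
        if self._clock() - entry.issued_at > CODE_TTL_SECONDS:
            del self._codes[username]        # expired: burn it
            return False
        if entry.failures >= MAX_FAILURES:
            del self._codes[username]        # cap reached: burn it, even if correct
            return False
        if hmac.compare_digest(entry.code.encode(), guess.encode()):
            del self._codes[username]        # single use
            return True
        entry.failures += 1
        return False
```

The same cap should also apply per source address at the HTTP layer, and a burst of requests to the verify endpoint for one account is itself a signal worth alerting on.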
By using Security for Everyone’s platform, you gain access to continuous monitoring and expert guidance to secure your digital assets. Our platform helps you identify vulnerabilities like the Authentication Bypass in Logsign, preventing unauthorized access to your critical systems. Stay protected with timely vulnerability assessments and remediation steps provided directly through our user-friendly interface. Don’t wait for an attack to happen—proactively secure your systems with comprehensive scans and detailed insights. Join Security for Everyone and ensure your cybersecurity posture is always up to date.