CVE-2022-47714
📋 TL;DR
CVE-2022-47714 is a missing HSTS (HTTP Strict Transport Security) header vulnerability in Last Yard version 22.09.8-1 that allows attackers to perform man-in-the-middle attacks and downgrade HTTPS connections to HTTP. This affects all users of Last Yard 22.09.8-1 who access the application over networks where traffic can be intercepted.
💻 Affected Systems
- Last Yard
📦 What is this software?
Last Yard by Lastyard
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept sensitive data (credentials, session tokens, confidential information) through SSL stripping attacks, leading to complete account compromise and data exfiltration.
Likely Case
Session hijacking and credential theft when users access the application over untrusted networks like public Wi-Fi.
If Mitigated
Limited impact if users only access via trusted networks with proper network segmentation and monitoring.
🎯 Exploit Status
Exploitation requires network access to intercept traffic but no authentication to the target system.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 22.09.8-1
Vendor Advisory: https://github.com/l00neyhacker/CVE-2022-47714
Restart Required: Yes
Instructions:
1. Update Last Yard to a version after 22.09.8-1.
2. Restart the Last Yard service.
3. Verify that HSTS headers are present in HTTP responses.
🔧 Temporary Workarounds
Configure HSTS headers via reverse proxy
Add HSTS headers at the reverse proxy/load balancer level, before requests reach Last Yard.
For nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
For Apache: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
🧯 If You Can't Patch
- Deploy network-level SSL inspection and monitoring to detect SSL stripping attempts
- Implement certificate pinning at client applications accessing Last Yard
🔍 How to Verify
Check if Vulnerable:
Use curl or browser developer tools to inspect the HTTPS response headers: run curl -I https://last-yard-url/ and check whether the 'Strict-Transport-Security' header is absent.
Check Version:
Check Last Yard version in admin interface or configuration files
Verify Fix Applied:
Check HTTP responses contain: Strict-Transport-Security: max-age=31536000; includeSubDomains
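The header check above can be scripted so that it also catches values browsers silently ignore (no max-age, duplicated directives) rather than only the header's presence. The following is an added example, not code from Last Yard or from the CVE-2022-47714 repository; the host name in the main block is a placeholder, and treating a max-age below one year as weak is this example's own policy choice, taken from the value used in the advisory's nginx/Apache snippets.

```python
"""Evaluate the Strict-Transport-Security header of an HTTPS response.

Added example for the advisory above; it is not code from Last Yard or from
the CVE-2022-47714 repository. The host name used in main() is a placeholder.
"""
import sys
import urllib.error
import urllib.request
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# One year, the max-age used in the advisory's nginx/Apache snippets.
# Treating anything shorter as weak is this example's own policy choice.
MIN_MAX_AGE = 31536000


def parse_hsts(value: str) -> Optional[Dict[str, object]]:
    """Parse an HSTS header value following the RFC 6797 rules that matter here.

    Returns None when a browser would ignore the header: max-age missing or
    non-numeric, or any directive repeated.
    """
    parsed: Dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name in seen:
            return None  # a duplicated directive invalidates the whole header
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            parsed["max_age"] = int(val)
        elif name == "includesubdomains":
            parsed["include_subdomains"] = True
        elif name == "preload":
            parsed["preload"] = True
        # unknown directives are ignored, as the RFC requires
    if parsed["max_age"] is None:
        return None  # max-age is mandatory
    return parsed


def evaluate_hsts(headers: Dict[str, str]) -> Tuple[str, str]:
    """Classify response headers as ('VULNERABLE' | 'WEAK' | 'OK', reason)."""
    # Header names are case-insensitive, so match them case-insensitively.
    value = next(
        (v for k, v in headers.items() if k.lower() == "strict-transport-security"),
        None,
    )
    if value is None:
        return "VULNERABLE", "no Strict-Transport-Security header"
    parsed = parse_hsts(value)
    if parsed is None:
        return "VULNERABLE", f"header ignored by browsers (malformed): {value!r}"
    if parsed["max_age"] == 0:
        return "VULNERABLE", "max-age=0 tells browsers to forget HSTS state"
    if parsed["max_age"] < MIN_MAX_AGE:
        return "WEAK", f"max-age {parsed['max_age']} is below {MIN_MAX_AGE}"
    if not parsed["include_subdomains"]:
        return "WEAK", "includeSubDomains missing; subdomains stay downgradable"
    return "OK", value


def fetch_headers(url: str, timeout: float = 10.0) -> Dict[str, str]:
    """HEAD the URL and return its response headers.

    Browsers only honour HSTS on HTTPS responses, so a plain-http URL is
    refused. Error responses are kept because the header must be present
    on them too (the 'always' in the nginx snippet exists for that reason).
    """
    if urlparse(url).scheme != "https":
        raise ValueError("HSTS is only meaningful on an https:// URL")
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


if __name__ == "__main__":
    # Placeholder host; pass the real Last Yard HTTPS URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://last-yard.example/"
    status, reason = evaluate_hsts(fetch_headers(target))
    print(f"{status}: {reason}")
```

Run it against the HTTPS front end, not against Last Yard directly, when a reverse proxy is adding the header: the proxy is where the workaround lives, and a check that bypasses it would report the application as still vulnerable.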
📡 Detection & Monitoring
Log Indicators:
- Multiple plain-HTTP requests to the same resources that should only be served over HTTPS
- User sessions originating from HTTP rather than HTTPS
Network Indicators:
- HTTP traffic to Last Yard endpoints that should only use HTTPS
- SSL stripping tool signatures in network traffic
SIEM Query:
source="last-yard-logs" AND (protocol="http" AND (uri CONTAINS "/login" OR uri CONTAINS "/api"))
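The SIEM query above, together with the "multiple HTTP requests to the same resources" indicator, can be exercised offline against sample logs. The following is an added example rather than anything shipped with Last Yard; the log lines are constructed, the field names (ts, src_ip, protocol, uri, status, x_forwarded_proto) are assumed for this example, and the repeat threshold of three distinct paths is an arbitrary starting point.

```python
"""Flag plaintext-HTTP access to Last Yard paths that must only be reached over HTTPS.

Added example for the Detection & Monitoring section; not code from Last Yard.
The log lines below are constructed, one JSON object per line, and the field
names are assumptions made for this example.
"""
import json
from collections import defaultdict
from typing import Dict, List

# Constructed sample log. 203.0.113.7 and 198.51.100.2 are documentation
# addresses, not real clients.
SAMPLE_LOG = """
{"ts": "2023-01-10T08:00:01Z", "src_ip": "10.0.0.5",     "protocol": "https", "uri": "/login",           "status": 200}
{"ts": "2023-01-10T08:00:07Z", "src_ip": "203.0.113.7",  "protocol": "http",  "uri": "/login",           "status": 200}
{"ts": "2023-01-10T08:00:09Z", "src_ip": "203.0.113.7",  "protocol": "http",  "uri": "/api/session",     "status": 200}
{"ts": "2023-01-10T08:00:12Z", "src_ip": "203.0.113.7",  "protocol": "http",  "uri": "/static/logo.png", "status": 200}
{"ts": "2023-01-10T08:01:00Z", "src_ip": "10.0.0.8",     "protocol": "https", "uri": "/api/orders",      "status": 200}
{"ts": "2023-01-10T08:02:30Z", "src_ip": "198.51.100.2", "protocol": "http",  "uri": "/login",           "status": 302}
"""

# Same path filter as the advisory's SIEM query.
SENSITIVE_SUBSTRINGS = ("/login", "/api")


def parse_log(text: str) -> List[Dict]:
    """Parse JSON-lines log text, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def effective_protocol(event: Dict) -> str:
    """Scheme the client actually used.

    When TLS terminates at a proxy, the application sees every request as
    http; prefer a logged X-Forwarded-Proto value when one is present.
    """
    return str(event.get("x_forwarded_proto") or event.get("protocol", "")).lower()


def plaintext_sensitive_requests(events: List[Dict]) -> List[Dict]:
    """Equivalent of the advisory's SIEM query: http AND (/login OR /api)."""
    return [
        e for e in events
        if effective_protocol(e) == "http"
        and any(s in e.get("uri", "") for s in SENSITIVE_SUBSTRINGS)
    ]


def noisy_plaintext_sources(events: List[Dict], threshold: int = 3) -> Dict[str, List[str]]:
    """Sources that fetched at least `threshold` distinct paths over plain HTTP.

    A client that keeps speaking HTTP to an HTTPS-only site is what an
    SSL-stripping session looks like from the server side.
    """
    per_src = defaultdict(set)
    for e in events:
        if effective_protocol(e) == "http":
            per_src[e["src_ip"]].add(e["uri"])
    return {ip: sorted(paths) for ip, paths in per_src.items() if len(paths) >= threshold}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for hit in plaintext_sensitive_requests(evts):
        print("plaintext sensitive request:", hit["ts"], hit["src_ip"], hit["uri"])
    for ip, paths in noisy_plaintext_sources(evts).items():
        print("repeat plaintext source:", ip, paths)
```

One caveat before relying on the protocol field: if Last Yard sits behind a TLS-terminating proxy, its own logs will show every request as http and the query will fire on everything. Log the forwarded scheme at the proxy (or run the query on the proxy's access log) so that a plain-HTTP hit actually means the client was downgraded.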