CVE-2023-26451
📋 TL;DR
This vulnerability allows attackers to predict authorization tokens in OX App Suite's oAuth Authorization Service, enabling them to intercept and hijack client authorization processes. This could lead to account compromise of other users. Only systems with the oAuth Authorization Service enabled are affected, which is not the default configuration.
💻 Affected Systems
- OX App Suite
⚠️ Risk & Real-World Impact
Worst Case
Attackers could compromise user accounts, access sensitive data, and perform unauthorized actions as legitimate users.
Likely Case
Targeted account takeover of users who have interacted with the vulnerable oAuth service.
If Mitigated
Limited impact if the service is disabled or patched; at most, interception of the authorization process remains possible.
🎯 Exploit Status
No publicly available exploits are known, but predictable tokens make exploitation straightforward if the service is enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.10.6 patch release 6230 (2023-05-02)
Vendor Advisory: https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json
Restart Required: Yes
Instructions:
1. Update OX App Suite to version 7.10.6 patch release 6230 or later.
2. Apply the patch from the vendor advisory.
3. Restart the OX App Suite services.
🔧 Temporary Workarounds
Disable oAuth Authorization Service
Disable the vulnerable oAuth Authorization Service if it is not required.
# Edit OX App Suite configuration to disable oAuth service
# Consult OX App Suite documentation for specific configuration steps
🧯 If You Can't Patch
- Disable the oAuth Authorization Service immediately if not essential for operations.
- Implement network segmentation to restrict access to the oAuth service only to trusted clients.
🔍 How to Verify
Check if Vulnerable:
Check whether the OX App Suite version is before 7.10.6 patch release 6230 and whether the oAuth Authorization Service is enabled in the configuration.
Check Version:
# Check OX App Suite version via admin interface or configuration files
Verify Fix Applied:
Verify OX App Suite version is 7.10.6 patch release 6230 or later and confirm oAuth service uses secure random token generation.
📡 Detection & Monitoring
Log Indicators:
- Unusual authorization token patterns
- Multiple failed or successful oAuth authorization attempts from a single source
Network Indicators:
- Predictable authorization tokens in oAuth traffic
- Unexpected oAuth authorization requests
SIEM Query:
Example: oAuth authorization events with token patterns matching predictable sequences
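The indicators above (predictable token sequences, bursts of authorization events from one source) can be checked offline against exported logs. The following is an added example, not code from this page, the vendor or OX App Suite; it assumes a hypothetical log format with `src=` and `code=` fields and uses constructed sample lines, so `LOG_RE` must be adapted to the real log format.

```python
import math
import re
from collections import Counter

# Constructed log format for this example (an assumption: real OX App Suite
# oAuth log lines differ, so LOG_RE must be adapted to the actual format).
LOG_RE = re.compile(r"src=(?P<src>\S+) .*?oauth authorize .*?code=(?P<code>[0-9a-fA-F]+)")

def shannon_entropy(token: str) -> float:
    """Estimated bits of entropy per character, from character frequencies."""
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())

def analyze_oauth_codes(lines, min_entropy=3.0, max_step=0x10000, max_per_source=3):
    """Flag authorization codes that look predictable, plus noisy sources.

    sequential:   consecutive codes whose numeric distance is at most max_step
    low_entropy:  codes whose per-character entropy is below min_entropy
    busy_sources: sources with at least max_per_source authorize events
    """
    codes, per_source = [], Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:           # unrelated log line, skip it
            continue
        codes.append(m.group("code"))
        per_source[m.group("src")] += 1
    sequential = [(a, b) for a, b in zip(codes, codes[1:])
                  if abs(int(b, 16) - int(a, 16)) <= max_step]
    low_entropy = [c for c in codes if shannon_entropy(c) < min_entropy]
    busy = [s for s, k in per_source.items() if k >= max_per_source]
    return {"sequential": sequential, "low_entropy": low_entropy,
            "busy_sources": busy, "per_source": dict(per_source)}

# Constructed sample lines: the first three codes step by one (predictable),
# the last two look random; one unrelated line is included to be skipped.
SAMPLE_LOG = [
    "2023-05-02T10:00:01Z src=203.0.113.7 oauth authorize client=mailapp code=5f3a9c10000000a1",
    "2023-05-02T10:00:02Z src=203.0.113.7 oauth authorize client=mailapp code=5f3a9c10000000a2",
    "2023-05-02T10:00:03Z src=203.0.113.7 oauth authorize client=mailapp code=5f3a9c10000000a3",
    "2023-05-02T10:00:04Z src=198.51.100.4 login user=alice ok",
    "2023-05-02T10:00:05Z src=198.51.100.4 oauth authorize client=calapp code=9e1c4b7d2a6f0385",
    "2023-05-02T10:00:06Z src=198.51.100.9 oauth authorize client=calapp code=3b8f06e2c1a7d945",
]

if __name__ == "__main__":
    for key, value in analyze_oauth_codes(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The thresholds are starting points: tune `min_entropy` and `max_step` to the token length and encoding your deployment actually emits, and treat a hit as a trigger for review rather than proof of exploitation.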
🔗 References
- http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2023/Aug/8
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf