News


  • CHT Security Showcases the Latest Cybersecurity Solutions at CYBERSEC 2021

    During CYBERSEC 2021, CHT Security showcases its latest cybersecurity products and services.

    The first is a total solution for the Internet of Vehicles, covering cybersecurity for the in-vehicle network, road-side units, the cloud and the operation center. Within this solution, SecuTex Car Protection demonstrates payload sniffing and anomaly detection for cars, with the next phase aiming to keep a record of all CAN bus traffic.

    The second is the next-generation SOC (security operations center) service. To enhance overall cybersecurity visibility, the next-generation SOC puts great emphasis on integrating network gateways, endpoints and the cloud to show an organization's risk level clearly. Moreover, response capability is key to curbing cyber-attacks once they are detected.

    CHT Security also showcases its latest cyber range, developed for both blue team (defense) and red team (attack). Built on hyper-converged infrastructure, the cyber range is well suited to group training and competition.

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Portal System

    Summary

    Vulnerability List
    1. [CVE-2021-22850] Security Misconfiguration
    2. [CVE-2021-22851] [CVE-2021-22852] Pre-Auth SQL Injection -1

    Details

    1. Security Misconfiguration

    Description
    The portal system has a broken authentication vulnerability that allows attackers to reach functions and data without authentication. This vulnerability affects many portal systems of governments, organizations, and companies.

    Impact
    Remote attackers can gain access to parts of privileged pages, which can lead to leakage of sensitive data. The confidentiality, integrity, and availability of data and system will be compromised.

    2. Pre-Auth SQL Injection

    Description
    The portal system has a SQL injection vulnerability that allows execution of arbitrary SQL commands via the id parameter without authentication. This vulnerability affects many portal systems of governments, organizations, and companies.

    Impact
    Remote attackers can gain unauthorized data such as user accounts and passwords for system login. The confidentiality, integrity, and availability of data and system will be compromised.

    Version
    v3 2.02.0-54 and v3 3.03.0-54

    Credits
    Tony Kuo (CHT Security), Jalong Chen (CHT Security)

  • CHT Security Discovered Several Vulnerabilities in Well-known Japanese Email System

    CHT Security Red Team discovered several vulnerabilities (CVE-2020-5540, CVE-2020-5541) in a well-known Japanese email system. The email system has Cross-Site Scripting (XSS) and Open Redirect vulnerabilities. More than 40 organizations including government, education and financial sectors are affected. The vulnerabilities are briefly described as follows:

    CVE-2020-5540: An attacker can perform cross-site scripting attacks prior to authentication. This vulnerability exists in multiple versions of the email system. This vulnerability is classified as A7-Cross-Site Scripting (XSS) in OWASP Top 10 2017.

    CVE-2020-5541: Attackers can perform unverified forwarding and redirection. This vulnerability exists in multiple versions of the email system. This vulnerability is classified as CWE-601: URL Redirection to Untrusted Site (Open Redirect).

    The email system is one of the core systems of an enterprise. Once it is hacked, emails that may include identification and organization information can be leaked. Enterprises often overlook the criticality of the email system since they usually use packaged software or subscribe to services.

    In the experience of our penetration testing team, vulnerabilities are often found in web-based email systems. The XSS and Open Redirect in this case are common vulnerabilities that enable hackers to launch phishing or identity theft.

    The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected email system, it is recommended to contact the vendor for patching and updating as soon as possible.

    CHT Security also recommends the following measures:

    Enterprise: Contact the vendor to install the patch as soon as possible.

    Email system vendor: Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.

    This CVE report has been acknowledged on the Japanese vulnerability information portal site, Japan Vulnerability Notes (JVN), and covered by several Japanese information security media sites, including the following:
    1. https://scan.netsecurity.ne.jp/article/2020/08/13/44435.html
    2. https://www.security-next.com/117513
    3. https://www.excite.co.jp/news/article/Scannetsecurity_44435/

  • CHT Security Discovered Several Vulnerabilities in Well-known Email System

    CHT Security Red Team discovered a Broken Authentication vulnerability (CVE-2020-10511) and an SQL Injection vulnerability (CVE-2020-10512) in a well-known email system. More than 20 organizations including government, financial and technology sectors are affected. The vulnerabilities are briefly described as follows:

    CVE-2020-10511: The system has a privilege escalation vulnerability that leads to execution of arbitrary OS commands via the file parameter without authentication. The OS commands can be executed by any user accessing the page without authentication. This vulnerability affects many mail systems of governments, organizations, and companies. This vulnerability is classified as A2-Broken Authentication in OWASP Top 10 2017.

    CVE-2020-10512: Remote attackers can gain unauthorized data such as user accounts and passwords for logging in to webmail. When accessing a victim's account, remote attackers can modify the password. Remote attackers can also write arbitrary files, such as a webshell, on the target system. This compromises the confidentiality, integrity and availability of data and system. This vulnerability is classified as A1-Injection in OWASP Top 10 2017.

    The email system is one of the core systems of an enterprise. Once it is hacked, emails that may include identification and organization information can be leaked. Enterprises often overlook the criticality of the email system since they usually use packaged software or subscribe to services.

    The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected email system, it is recommended to contact the vendor for patching and updating as soon as possible.

    CHT Security also recommends the following measures:

    Enterprise: Contact the vendor to install the patch as soon as possible.

    Email system vendor: Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.

  • CHT Security Discovered a Pre-Auth Cross-Site Scripting Vulnerability in Well-known Japanese Email System

    CHT Security Red Team discovered a Pre-Auth Cross-Site Scripting vulnerability (CVE-2020-11734) in a well-known Japanese email system. More than 10 organizations including government, education and financial sectors are affected. The vulnerability is briefly described as follows:

    CVE-2020-11734: An attacker can perform cross-site scripting attacks prior to authentication. This vulnerability exists in multiple versions of the email system. The vulnerable page is /cgi-bin/go. This vulnerability is classified as A7-Cross-Site Scripting (XSS) in OWASP Top 10 2017.

    Impact
    The email system is one of the core systems of an enterprise. Once it is hacked, emails that may contain personal data and organization information can be leaked. Enterprises often overlook the criticality of the email system since they usually use packaged software or subscribe to services.

    Known Affected Software
    version 5 or later

    If your organization or enterprise is using the affected email system, it is recommended to contact the vendor for patching and updating as soon as possible.

    Recommendations
    CHT Security also recommends the following measures:
    1. Enterprise: Contact the vendor to install the patch update as soon as possible.
    2. Email system vendor: Use salted hashing instead of storing passwords in plain text. Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Learning System

    Summary

    Vulnerability List
    1. [CVE-2020-10508] Sensitive Data Exposure
    2. [CVE-2020-10509] Cross-Site Scripting (Reflected XSS)
    3. [CVE-2020-10510] Broken Access Control

    Details

    1. Sensitive Data Exposure

    Description
    The system stores system files improperly. Attackers can use a specific URL to capture confidential information.

    Impact
    The leaked personal information and login accounts of the system can be used for further attacks.

    Known Affected Software
    version 8 and version 9.

    2. Cross-Site Scripting (Reflected XSS)

    Description
    Several parameters are affected by reflected XSS.

    Impact
    If an attacker can control a script that is executed in the victim's browser, personal information may be leaked to attackers via the vulnerability.

    Known Affected Software
    version 8 and version 9.

    3. Broken Access Control

    Description
    After login, attackers can use a specific URL to access unauthorized functionality and data.

    Impact
    Attackers can conduct vertical privilege escalation via unauthorized page access.

    Known Affected Software
    version 8 and version 9.

    Credits
    Jalong Chen (CHT Security)

  • CHT Security Discovered Vulnerabilities in Firmware of Well-Known DVR

    CHT Security Digital Forensics and Information Security Testing Center discovered two vulnerabilities in a well-known DVR. The first is an arbitrary read/write vulnerability (CVE-2020-10513) and the second is a command injection (CVE-2020-10514). More than 10 million devices are infected in Taiwan.

    CVE-2020-10513: An attacker can read or modify any file in the filesystem of the device. By changing the system configuration file, an attacker can cause denial of service or command injection.

    CVE-2020-10514: An attacker can modify the parameter of an RPC function and inject a malicious command. It allows the attacker to execute commands on the device once the attacker has obtained the password.

    We also discovered that the device does not force the user to change the password, and that many devices might use a fixed default password from the vendor or dealer.

    Impact
    An attacker can control the infected device and perform DDoS attacks.

    Known Affected Device
    Firmware version before 2020/02

    The vendor has released related patches after receiving our report. It is recommended to contact the vendor for patching and updating as soon as possible.

    Recommendations
    User: Update firmware to the newest version as soon as possible.
    Vendor: Check all input from the user side. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.

  • CHT Security Discovered a Pre-Auth SQL Injection in Well-known Email System

    CHT Security Red Team discovered a Pre-Auth SQL Injection vulnerability (CVE-2020-3922) in a well-known email system. More than 20 organizations including government, education and financial sectors are affected. The vulnerability is briefly described as follows:

    CVE-2020-3922: It allows remote attackers to execute arbitrary SQL commands via the bkimage parameter without authentication. Remote attackers can gain unauthorized data such as user accounts and passwords for logging in to webmail. When accessing a victim's account, remote attackers can modify the password. Remote attackers can also write arbitrary files, such as a webshell, on the target system. This compromises the confidentiality, integrity and availability of data and system. This vulnerability is classified as A1-Injection in OWASP Top 10 2017.

    Impact
    The email system is one of the core systems of an enterprise. Once it is hacked, emails that may contain personal data and organization information can be leaked. Enterprises often overlook the criticality of the email system since they usually use packaged software or subscribe to services.

    Known Affected Software
    versions before 2017

    The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected email system, it is recommended to contact the vendor for patching and updating as soon as possible.

    Recommendations
    CHT Security also recommends the following measures:

    Enterprise: Contact the vendor to install the patch as soon as possible. In addition to regularly updating the system, it is recommended that administrators configure two-factor authentication to enhance login security and require sufficiently strong user passwords.

    Email system vendor: Use salted hashing instead of storing passwords in plain text. Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Stock Selection System

    The Vulnerability Report of Stock Selection System

    Summary

    Vulnerability List
    1. [CVE-2020-3937] SQL Injection
    2. [CVE-2020-3938] Server-Side Request Forgery
    3. [CVE-2020-3939] Cross-Site Scripting (Reflected XSS)

    Details

    1. SQL Injection

    Description
    Several parameters are affected by SQL Injection.

    Impact
    This vulnerability allows attackers to perform unwanted SQL queries and access arbitrary files in the database.

    Known Affected Software
    versions before 20191223

    2. Server-Side Request Forgery

    Description
    Several parameters are affected by Server-Side Request Forgery.

    Impact
    This vulnerability allows attackers to probe the network architecture or system files of the server via forged requests.

    Known Affected Software
    versions before 20191223

    3. Cross-Site Scripting (Reflected XSS)

    Description
    Several parameters are affected by reflected XSS.

    Impact
    If an attacker can control a script that is executed in the victim's browser, personal information may be leaked to attackers via the vulnerability.

    Known Affected Software
    versions before 20191223

    Credits
    Jalong Chen (CHT Security)

  • CHT Security Forensics Lab Discovered Vulnerabilities in Firmware of Well-Known DVR

    The Vulnerability Report of Tonnet DVR

    Summary

    1. [CVE-2020-3923] Improper Access Control
    The firmware does not properly handle passwords. An attacker could analyze the firmware and the cipher algorithm to get system permission on devices.

    2. [CVE-2020-3924] Command Injection
    There is a command injection in the firmware update procedure. An attacker can easily craft fake firmware that opens the telnet service to get system permission.

    Details

    1. [CVE-2020-3923] Improper Access Control
    The firmware contains an executable file that listens on port tcp/9530, which is a service for engineers to maintain the device. The authentication procedure of this service is vulnerable. It uses a symmetric algorithm (3DES) and fixed keys to verify the passcode. This vulnerability allows attackers to obtain system permission after reversing the firmware.

    Impact
    An attacker could gain root permission. The device might be infected as part of a botnet and used to carry out DDoS attacks.

    2. [CVE-2020-3924] Command Injection
    The main cause of this vulnerability is an insecure upgrade procedure. In addition, there is a further insecure command in the configuration script parser. With both vulnerabilities, the attacker can easily make malicious firmware that turns on the telnet service and get system permission.

    Impact
    An attacker could gain root permission. The device might be infected as part of a botnet and used to carry out DDoS attacks.

    Known Affected Devices
    TAT-77104G1: Firmware version = TAT-77104G1_20190107
    TAT-70432N: Firmware version = TAT-77208G1_20181225
    TAT-71416G1: Firmware version = TAT-71416G1_20181225
    TAT-71832G1: Firmware version = TAT-71832G1_20190510
    TAT-76104G3: Firmware version = 20181220_76104G3
    TAT-76108G3: Firmware version = 20181221_76208G3
    TAT-76116G3: Firmware version = 20181221_76216G3
    TAT-76132G3: Firmware version = TAT-70832G3_20181221-1

    Credit
    Weber Tsai (CHT Security)
    Keniver Wang (CHT Security)
    Redhung Chen (CHT Security Intern)

