Threats to the PowerShell Gallery: critical issues and dangers
Critical security issues that require immediate action
Security researchers have discovered serious vulnerabilities in the PowerShell Gallery that could enable insidious supply-chain attacks against its users. Despite reports to Microsoft, the fixes adopted so far have not definitively resolved the problem. It is imperative that the platform adopt stricter security measures to protect users.
Security researchers at Aqua have reported several issues in the PowerShell Gallery that could lead to insidious attacks. The lack of a strict package naming policy lets an attacker upload a malicious module whose name closely resembles that of a legitimate one, so that it looks genuine to unsuspecting users: a "squatting" (typosquatting) attack. A second serious flaw is the possibility for an attacker to spoof a module's metadata, deceiving users about its authenticity; the descriptive fields shown for a package come from the module manifest the publisher uploads, so whoever publishes a module decides what they say. Aqua reported both issues to Microsoft, but despite the reactive measures already put in place, they remain reproducible.
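To turn the two findings above into a check that can be run before installing a module, here is an added example in PowerShell. It is not code from the article, from Aqua or from Microsoft. It flags names that sit within a small edit distance of an approved name (the squatting pattern) and shows which Gallery fields are self-declared. The allowlist and the sample names are constructed for illustration; Find-Module and Install-Module are the standard PowerShellGet cmdlets.

```powershell
# Added example (not code from the original article, from Aqua or from Microsoft).
# $TrustedNames is a constructed allowlist; in practice it is your approved-module list.

function Get-LevenshteinDistance {
    param([string]$A, [string]$B)
    # Gallery names are case-insensitive, so compare lower-cased strings.
    $A = $A.ToLowerInvariant(); $B = $B.ToLowerInvariant()
    $m = $A.Length; $n = $B.Length
    if ($m -eq 0) { return $n }
    if ($n -eq 0) { return $m }
    $prev = 0..$n
    for ($i = 1; $i -le $m; $i++) {
        $cur = @($i) + (@(0) * $n)
        for ($j = 1; $j -le $n; $j++) {
            $cost = if ($A[$i - 1] -eq $B[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$n]
}

function Test-GalleryModuleName {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$TrustedNames,
        [int]$MaxDistance = 2
    )
    # Only an exact allowlist hit passes (-contains is case-insensitive).
    if ($TrustedNames -contains $Name) {
        return [pscustomobject]@{ Name = $Name; Verdict = 'allowlisted'; Nearest = $Name; Distance = 0 }
    }
    $best = [int]::MaxValue; $nearest = $null
    foreach ($t in $TrustedNames) {
        $d = Get-LevenshteinDistance -A $Name -B $t
        if ($d -lt $best) { $best = $d; $nearest = $t }
    }
    # Not on the list but only an edit or two away from an approved name is the
    # classic squatting pattern: refuse it and investigate.
    $verdict = if ($best -le $MaxDistance) { 'possible-squat' } else { 'unknown' }
    [pscustomobject]@{ Name = $Name; Verdict = $verdict; Nearest = $nearest; Distance = $best }
}

function Show-GalleryModuleMetadata {
    param([Parameter(Mandatory)][string]$Name)
    # Find-Module is the real PowerShellGet cmdlet and needs network access.
    $m = Find-Module -Name $Name -Repository PSGallery -ErrorAction Stop
    # These fields come from the manifest the publisher uploaded: anyone can fill
    # them in to mimic a legitimate module, so treat them as hints, not proof of origin.
    $m | Select-Object Name, Version, Author, CompanyName, ProjectUri, PublishedDate
}

# Constructed allowlist and sample names to exercise the check.
$trusted = @('Az.Accounts', 'Pester', 'PSReadLine', 'ImportExcel')
'Az.Accounts', 'Az.Acounts', 'PesterX', 'Mymodule' |
    ForEach-Object { Test-GalleryModuleName -Name $_ -TrustedNames $trusted } |
    Format-Table -AutoSize
```

With the constructed list, Az.Acounts and PesterX come back as possible-squat (distance 1 from Az.Accounts and Pester), Mymodule as unknown, and only Az.Accounts is allowlisted. An allowlisted name should still be installed with a pinned version (Install-Module -Name Pester -RequiredVersion <pinned> -Repository PSGallery) so that a later upload under the same name cannot silently replace what was reviewed.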
A vulnerability that allows enumeration of unlisted packages
A third bug allows an attacker to enumerate every package name and version in the Gallery, including unlisted packages that are supposed to be hidden from public view. This is possible because the PowerShell Gallery API gives unrestricted access to the complete package database, unlisted packages included, and some of those unlisted packages contain sensitive data. Unlisting therefore offers no real protection: anything published to the Gallery has to be treated as public, and any secret that was ever included in an unlisted package should be considered exposed. This problem too was reported to Microsoft, but the measures adopted so far have not been sufficient to resolve it permanently.
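Since unlisting does not hide a package, the practical consequence for a publisher is to scan what goes into a module for secrets before it is uploaded, and to re-check anything already sitting unlisted in the Gallery. The following added example (not code from the article, from Aqua or from Microsoft) does that with a small set of constructed secret patterns; Save-Module is the real PowerShellGet cmdlet, and the sample module it scans is constructed inline using the AWS-documented example key id.

```powershell
# Added example (not code from the original article, from Aqua or from Microsoft).
# Treat "unlisted" as public: scan a module directory for secrets before publishing.
# The pattern set below is a constructed starter list, not an exhaustive scanner.

$SecretPatterns = [ordered]@{
    'AWS access key id'       = 'AKIA[0-9A-Z]{16}'
    'Private key block'       = '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----'
    'Generic password assign' = '(?i)(password|passwd|pwd)\s*[=:]\s*[''"][^''"]{6,}'
    'Storage account key'     = '(?i)AccountKey=[A-Za-z0-9+/=]{20,}'
    'Plain-text SecureString' = '(?i)ConvertTo-SecureString\s+[''"][^''"]+[''"]\s+-AsPlainText'
}

function Find-ModuleSecrets {
    param([Parameter(Mandatory)][string]$Path)
    $files = Get-ChildItem -Path $Path -Recurse -File -Include *.ps1,*.psm1,*.psd1,*.json,*.xml,*.txt,*.config
    foreach ($f in $files) {
        $lineNo = 0
        foreach ($line in Get-Content -LiteralPath $f.FullName) {
            $lineNo++
            foreach ($entry in $SecretPatterns.GetEnumerator()) {
                if ($line -match $entry.Value) {
                    [pscustomobject]@{ File = $f.FullName; Line = $lineNo; Type = $entry.Key; Sample = $line.Trim() }
                }
            }
        }
    }
}

function Test-ModuleBeforePublish {
    param([Parameter(Mandatory)][string]$Path)
    $hits = @(Find-ModuleSecrets -Path $Path)
    if ($hits.Count -gt 0) {
        $hits | Format-Table -AutoSize
        throw "Refusing to publish: $($hits.Count) possible secret(s) found in $Path"
    }
    "No secret patterns found in $Path"
}

# Constructed sample module to exercise the scanner (AWS's documented example key id).
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'UnlistedSample'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
@'
function Connect-Backend {
    $key = "AKIAIOSFODNN7EXAMPLE"
    $pw  = ConvertTo-SecureString "hunter2hunter2" -AsPlainText -Force
}
'@ | Set-Content -Path (Join-Path $tmp 'UnlistedSample.psm1')

Find-ModuleSecrets -Path $tmp | Format-Table -AutoSize
```

On the constructed sample the scanner reports two hits (the AWS key id and the plain-text SecureString). To audit a module that is already unlisted in the Gallery, fetch it without installing it, for example Save-Module -Name <module> -RequiredVersion <version> -Path $tmp, and run Find-ModuleSecrets over that directory; anything found there should be rotated, not merely removed in the next version, because the earlier version stays retrievable.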
The responsibility of platforms in user safety
In a world increasingly dependent on open-source projects and package registries, the associated security risks grow significantly. It is therefore imperative that platforms like the PowerShell Gallery put adequate security measures in place to protect their users. Aqua's researchers point out that the responsibility for ensuring that security lies primarily with the platform itself. To that end, Aqua sent its report to Microsoft, but further action is needed to improve the platform's security measures.
08/16/2023 12:52
Marco Verro