Tuesday, November 12, 2024
Homecyber security0.0.0.0 Day – 18 Yr Old Vulnerability Allow Attackers to Bypass All...

0.0.0.0 Day – 18 Yr Old Vulnerability Allow Attackers to Bypass All Browser Security

Published on

Malware protection

Threat actors often target and exploit security flaws in web browsers, as exploiting flaws in web browsers enables them to gain unauthorized access and perform several illicit activities.

Not only that, threat actors also get a wide attack surface with minimal effort by exploiting the security flaws in browsers.

Cybersecurity researchers at Oligo Security’s research team recently discovered 0.0.0.0 day, an 18-year-old vulnerability that enables attackers to bypass all browser security.

- Advertisement - SIEM as a Service

Technical Analysis

It’s a major security problem affecting all popular web browsers (Chromium, Firefox, and Safari) that allows external websites to interface with software that is being run locally on macOS and Linux.

The vulnerability known as “ow.night” was caused due to the fact that the security mechanisms were implemented in different ways depending on what browser was used and the lack of any uniform standards in this industry.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

This vulnerability allows malicious websites to bypass browser security and communicate with the organization’s local network services which could lead to unauthorized access by hackers who are outside of its network and remote code execution upon these local services.

Consequently, using a rather harmless 0.0.0.0 IP address, attackers can target the local services for development purposes, and operating systems among others including internal networks.

While this vulnerability was again shown to be urgent by the recent discovery of active campaigns of ShadowRay.

Oligo researchers have shared their findings with the security teams for all major browsers and the browser vendors recognized the security problem.

The 18-year-old bug report, still Open (Source – Oligo)

Related standard modifications are being processed and some browser-level mitigations that will not accept 0.0.0.0 addresses are planned to be activated soon.

However, due to its complexity as well as lack of any finalized standard, this vulnerability still remains under attack in between allowing external websites access services on localhost.

This shows the need for a common browser industry standard that can address this fundamental security flaw and protect users and organizations from potential “0.0.0.0 Day.”

This critical flaw allowed public websites to override browser protections and access local network services, which can result in remote code execution.

At first, the vulnerability was caused by the Private Network Access (PNA) standard, which does not consider 0.0.0.0 as a private IP address.

Relationship between public, private, local networks in Private Network Access (Source – Oligo)

This deletion allowed hackers to use public domains for reaching local resources and, at the same time, skip the restrictions of CORS and exploit flaws in Ray frameworks or Selenium Grid as well as PyTorch TorchServe that were installed on localhost.

The researchers provided an example of unauthorized access and control of these local applications using only one HTTP request showing how essential it is to ensure a comprehensive standardized approach to secure local network access.

It is incredible how their disclosure helped with fixing this vulnerability in various browsers consequently demonstrating how responsible disclosure aids in internet security improvement.

Recommendations

Here below we have mentioned all the recommendations:-

  • Implement PNA headers.
  • Verify HOST headers to prevent DNS rebinding.
  • Add authorization layers for localhost.
  • Use HTTPS.
  • Implement CSRF tokens.
  • Remember browsers route to internal IPs.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Maximizing Agent Productivity And Security With Workforce Management Software In Contact Centers

In the bustling world of customer service, the stakes are perpetually high—every missed call...

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...