Expand my Community achievements bar.

SOLVED

Dispatcher vulnerability is allowing access to AEM nodes by using special encoding technique

Avatar

Level 1

One of our security team member was successful in accessing  critical AEM nodes by bypassing dispatcher using this special encoding technique that uses ASCII code for the } character (Example: * /.%7D./.%7D./.%7D./.%7D./.%7D./)

To bypass authentication they downloaded an auth certificate using this vulnerability.

We were able to address this by adding few entries in dispatcher filters.


But we are not able to understand why ' } ' worked as valid bypass?

 

 

 

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi,

 

The specific reason why '}' worked as a valid bypass would require further investigation into the specific vulnerabilities present in your AEM implementation and the encoding technique being used.

However, It could be related to how the application interprets or mishandles special characters in certain contexts.

View solution in original post

2 Replies

Avatar

Correct answer by
Employee Advisor

Hi,

 

The specific reason why '}' worked as a valid bypass would require further investigation into the specific vulnerabilities present in your AEM implementation and the encoding technique being used.

However, It could be related to how the application interprets or mishandles special characters in certain contexts.

Avatar

Level 2

Hi @ManviSharma 

Is there a fix to circumvent this? This looks like an Adobe OOTB issue and multiple clients are having to figure temporary workarounds to fix this

Devanshi