brimdata / zui

Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.
https://www.brimdata.io/download/

Security risk: vulnerable to dns rebinding attacks #2040

Open ttttmr opened 2 years ago

ttttmr commented 2 years ago

Brim listens on port 9867 by default, without authentication and without checking the Host header, so you can use a DNS rebinding attack to obtain data from Brim.

Attack example

1. The victim opens Brim and imports a pcap for analysis.
2. The analysis finds a URL, which is copied and opened in a browser (it was a malicious link).
3. The website uses DNS rebinding to attack Brim (port 9867) and obtain data (just like the client does).

Mitigation

- Check the Host header: only allow `localhost` or `127.0.0.1`, no other hosts.
- Or use authentication, preferably with a randomly generated password, or listen on a random port (this increases the cost of the attack, but it can still be attacked in essence).
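The Host-header check proposed above works because a rebinding attack cannot forge the header: the browser sends the attacker's own domain name (for example `attacker.example:9867`) as `Host`, even after the name has been re-resolved to 127.0.0.1, so a local service that only accepts loopback names refuses the request. The following is an added example in Go (the language of the `zed serve` backend) showing such a check as `net/http` middleware, with the refused rebinding request alongside the accepted local ones. It is not code from the Zui or Zed projects; the handler, the function names and the host names in the demo are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Names under which the local service may legitimately be addressed:
// "localhost" plus the IPv4 and IPv6 loopback literals. Any other Host
// value means a browser resolved some attacker-controlled name to loopback.
var allowedHostnames = map[string]bool{
	"localhost": true,
	"127.0.0.1": true,
	"::1":       true,
}

// allowedHost reports whether an HTTP Host header value (optionally with a
// port, optionally an IPv6 literal in brackets) names the local machine.
func allowedHost(hostHeader string) bool {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // strip the ":9867" part
	}
	host = strings.TrimSuffix(strings.TrimPrefix(host, "["), "]")
	return allowedHostnames[strings.ToLower(host)]
}

// hostCheck wraps a handler so that requests carrying an unexpected Host
// header are refused with 403 before the wrapped handler ever runs.
func hostCheck(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowedHost(r.Host) {
			http.Error(w, "forbidden: unexpected Host header", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status returns the HTTP status that a request with the given Host header
// receives from a protected handler (hypothetical data endpoint).
func status(hostHeader string) int {
	protected := hostCheck(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "lake data that must stay local")
	}))
	req := httptest.NewRequest(http.MethodGet, "/query", nil)
	req.Host = hostHeader // what a browser sends after the DNS answer changed
	rec := httptest.NewRecorder()
	protected.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed Host values: three legitimate local forms and one that a
	// rebinding page would produce (its own domain, now resolving to loopback).
	for _, h := range []string{
		"localhost:9867", "127.0.0.1:9867", "[::1]:9867", "attacker.example:9867",
	} {
		fmt.Printf("Host: %-24s -> %d\n", h, status(h))
	}
}
```

A random port or a random token, as the report notes, only raises the cost; the Host check is the piece that removes the rebinding vector itself, and it should be applied to every route the local API exposes, not only the ones that return data.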

jameskerr commented 2 years ago

@ttttmr Thank you for bringing this to my attention. I'll be working with the backend zed serve team to find a way to fix this.

jameskerr commented 2 years ago

Also, thank you for the clear example and the steps to mitigate. That was very helpful.