Istio Vulnerability Could lead A Data Breach

Data Beaches and other possible things that can happen to digital data are the most common cybercrimes on a large scale. It was last year that made everyone realize that digital data is very vulnerable to attackers. The number of cybercriminals has also increased over time while the number of such events is at large as well. Some of the biggest companies have become a victim of data breaches for different reasons. Sometimes it is a bug other times it is lead by a mistake by getting into the main system. This time it was Istio Service mesh software that left users vulnerable to attackers.

It was an authentication vulnerability that was discovered by Aspen Mesh and this could have been serious. The wide range of service provider Istio has a huge database and it was all vulnerable. This vulnerability was discovered while the authentication features that were getting worked on. This was then reported to and fixed by Espen engineer while it was a huge vulnerability. The vulnerability found in the Authentication Policy of Istio CVE-2020-8595 could allow unauthorized access to HTTP paths. To access these HTTP paths you need to have a valid JSON Web Token but not while you exploit this vulnerability.

Authentication is for safety and to restrict unwanted access and such vulnerabilities sure make it accessible to unauthorized people. To access the secured paths the attacker needs to just use ‘?’ and ‘#’ to exploit the vulnerability. All the data and resources secured through these paths get accessible to attackers once vulnerability gets exploited. This needed urgency to get patched before someone could exploit it to a bigger level. Once patched everyone was urged to update as soon as they can to ensure safety and less chance of possible attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *