ServiceNow’s Count(er) Strike: A Sneaky Data Leak Adventure!
Remember the game of Battleship? Well, the Count(er) Strike flaw in ServiceNow is like playing it, but with sensitive data. Low-privileged users can exploit this flaw to uncover hidden treasures, like secret records and confidential data, one “hit” at a time. Time to tighten those ACLs, folks!

Hot Take:
Well, isn’t it just adorable when cloud platforms play a game of hide-and-seek with sensitive data? ServiceNow managed to turn a simple game of counting into a high-stakes treasure hunt with its Count(er) Strike vulnerability. Who knew that all it would take to become a data pirate was to play a little peek-a-boo with ACLs? ServiceNow may have patched up the portholes, but not before giving low-privileged users a chance to channel their inner digital buccaneer. Aargh, matey!

Key Points:
– A vulnerability in ServiceNow, dubbed Count(er) Strike, lets low-privileged users access sensitive data from tables they shouldn’t be able to read.
– The flaw was discovered by Varonis Threat Labs and affects systems with misconfigured or overly permissive ACLs.
– ServiceNow has released new access control frameworks in its Xanadu and Yokohama versions to tackle this issue.
– Varonis created a script that uses URL-based filters to extract data character-by-character.
– ServiceNow now uses ‘Deny Unless’ ACLs and Query ACLs to prevent these types of attacks.
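
For defenders, the character-by-character pattern in the key points leaves a recognizable trail in request logs: one user sending list filters that each extend an earlier filter by a single character. The sketch below is an added example, not code from Varonis or ServiceNow; it flags that pattern in the `sysparm_query` parameter of list URLs. The log format, user names, table and field names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log, one "<user> <request URL>" pair per line. The log
# format, user names, table u_demo and its fields are all assumptions.
SAMPLE_LOG = """\
alice /u_demo_list.do?sysparm_query=active=true^priority=1
bob /u_demo_list.do?sysparm_query=u_nameSTARTSWITHjo
bob /u_demo_list.do?sysparm_query=u_nameSTARTSWITHjoh
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHa
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHk
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHka
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHke
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHkex
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHkey
mallory /u_demo_list.do?sysparm_query=u_secretSTARTSWITHkeys
"""


def find_incremental_probing(log_text, min_steps=3):
    """Return {(user, path): longest chain} for filters grown one character at a time."""
    chains = defaultdict(dict)  # (user, path) -> {filter term: chain length}
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        user, url = parts
        target = urlsplit(url)
        key = (user, target.path)
        for query in parse_qs(target.query).get("sysparm_query", []):
            for term in filter(None, query.split("^")):  # "^" joins conditions
                seen = chains[key]
                if term in seen:
                    continue  # repeated request, nothing new learned
                # A term that is an earlier term plus one character extends
                # that term's chain; anything else starts a new chain at 0.
                seen[term] = seen.get(term[:-1], -1) + 1
                if seen[term] >= min_steps:
                    flagged[key] = max(flagged.get(key, 0), seen[term])
    return flagged


if __name__ == "__main__":
    for (user, path), steps in find_incremental_probing(SAMPLE_LOG).items():
        print(f"{user} grew a filter on {path} by {steps} single-character steps")
```

The `min_steps` threshold separates a user who refines a search once or twice from a sustained one-character-at-a-time sequence; tune it against real traffic before alerting on it.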