Severity
High
Analysis Summary
CVE-2022-1162 lies in the account-registration path for users who sign in through an OmniAuth provider (for example OAuth, LDAP or SAML). When such a user is first created, GitLab also assigns the new account a local password. In the affected versions that password was not randomly generated: it was a hardcoded value that follows a predictable pattern, so every account created through this path received the same password. A threat actor who knows or reconstructs that value can sign in as any such user with the account's username and that password, bypassing the identity provider entirely, provided password sign-in is enabled on the instance. It is important to note that only GitLab deployments where user accounts are created using an OmniAuth provider are in scope, and only accounts created while the instance was running an affected version carry the weak password.
Impact
- Credential Theft
- Account Compromise
Indicators Of Compromise
CVE
- CVE-2022-1162
Affected Vendors
- GitLab
Affected Products
- GitLab CE/EE versions 14.7 prior to 14.7.7
- GitLab CE/EE versions 14.8 prior to 14.8.5
- GitLab CE/EE versions 14.9 prior to 14.9.2
Remediation
Upgrade immediately to a patched release (14.9.2, 14.8.5 or 14.7.7), as announced in GitLab's critical security release for 14.9.2; GitLab rates this vulnerability critical. Note that upgrading only changes how new accounts are built: passwords already assigned to accounts that were created through an OmniAuth provider on a vulnerable version remain in place. Identify those accounts (GitLab's release announcement includes a script for self-managed administrators to do this) and reset their passwords. Disabling password sign-in for web and Git over HTTP reduces exposure in the meantime, but does not replace the reset.
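The following Ruby model illustrates both the mechanism described in the Analysis Summary and the post-upgrade check from the Remediation section. It is an added example, not GitLab's code: the user record layout, the PBKDF2 parameters, the provider names and the `HARDCODED_DEFAULT` placeholder are all assumptions (the real hardcoded value is deliberately not reproduced). It shows the vulnerable builder that gives every OmniAuth-created account the same password, the fixed builder that draws a fresh random one, the local sign-in an attacker would use, and an audit that flags accounts whose stored digest still verifies against the known default so they can be rotated.

```ruby
require "openssl"
require "securerandom"

# Illustrative model of the account-creation flaw and its fix. Added example
# code, not GitLab's implementation: the user records, hashing parameters and
# the default value below are assumptions.

PBKDF2_ITERATIONS = 10_000
DIGEST_BYTES = 32

# Hypothetical stand-in for the hard-coded default; the real value is not
# reproduced here.
HARDCODED_DEFAULT = "placeholder-default-password"

# Salted PBKDF2-HMAC-SHA256 so the store holds digests, never plaintext.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, DIGEST_BYTES,
                             OpenSSL::Digest.new("SHA256")).unpack1("H*")
end

# Constant-time comparison so the check does not leak where digests diverge.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def new_user(username, provider, password)
  salt = SecureRandom.hex(16)
  { username: username, provider: provider, salt: salt,
    password_digest: hash_password(password, salt) }
end

# Vulnerable pattern: every account created via an OmniAuth provider receives
# the same deterministic local password.
def build_omniauth_user_vulnerable(username, provider)
  new_user(username, provider, HARDCODED_DEFAULT)
end

# Fixed pattern: a fresh random password per account, so knowing one account's
# password tells an attacker nothing about the others.
def build_omniauth_user_fixed(username, provider)
  new_user(username, provider, SecureRandom.urlsafe_base64(32))
end

# Local username/password sign-in, i.e. the path an attacker uses with the
# hard-coded value when password authentication is enabled.
def password_login?(user, password)
  secure_equal?(hash_password(password, user[:salt]), user[:password_digest])
end

# Post-upgrade audit: upgrading changes how new accounts are built but does not
# touch stored passwords. Flag provider-created accounts whose digest still
# verifies against the known default.
def affected_users(users)
  users.select { |u| u[:provider] != "local" && password_login?(u, HARDCODED_DEFAULT) }
end

# Rotate to a random password; the user keeps signing in through the provider.
def reset_password!(user)
  user[:salt] = SecureRandom.hex(16)
  user[:password_digest] = hash_password(SecureRandom.urlsafe_base64(32), user[:salt])
  user
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample accounts: one built on a vulnerable version, one on a
  # fixed version, one local sign-up with a user-chosen passphrase.
  users = [
    build_omniauth_user_vulnerable("alice", "saml"),
    build_omniauth_user_fixed("bob", "saml"),
    new_user("carol", "local", "carols-own-passphrase")
  ]
  puts "Sign-in as alice with the default: #{password_login?(users[0], HARDCODED_DEFAULT)}"
  puts "Accounts needing reset: #{affected_users(users).map { |u| u[:username] }}"
  affected_users(users).each { |u| reset_password!(u) }
  puts "Still affected after reset: #{affected_users(users).map { |u| u[:username] }}"
end
```

The audit deliberately tests the stored digest against the default rather than trusting creation timestamps alone: an account may have been created on a vulnerable version and later had its password changed, or been migrated from another instance, and only the digest check reflects its actual state.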