Digital Defense, Inc. is disclosing a vulnerability in the SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and for working with VRT to provide a fix for this security issue.
SoftNAS has provided a patch for the vulnerability identified in the application. The patch is available for download via Software Update in the SoftNAS appliance web interface.
Clients who currently use Digital Defense’s Frontline.Cloud platform can sweep for the presence of this issue in Frontline VM by performing a full vulnerability assessment scan or selecting CVC SoftNAS Cloud Authentication Bypass (128007).
Details of the vulnerability are as follows:
DDI-VRT-2019-01 – SoftNAS Cloud Authentication Bypass
Title: SoftNAS Cloud Authentication Bypass
Impact: The authentication bypass can be leveraged to access the Webadmin interface, from which an attacker can add users and execute arbitrary commands as root.
Affected Versions: SoftNAS Cloud 4.2.0 and 4.2.1
Vulnerability Details: The NGINX default configuration file checks whether a user cookie is set and, if it is not, redirects the user to the login page. The check tests only for the presence of the cookie, not its value, so an arbitrary value can be supplied for it to reach the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter(R) ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data.
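The following is an added example, not code or configuration from SoftNAS or from the original advisory. It models the flawed gate described above (redirect only when the cookie is absent, so any value passes) next to a hardened gate that requires the cookie value to match a live server-side session, and it includes a probe that tells the two apart the way a scanner would: an unauthenticated request is redirected, but a request with a made-up cookie value is not. The cookie name `session`, the `/login` path, the `/` resource and the session token are constructed assumptions, not SoftNAS identifiers.

```python
"""Probe for a presence-only cookie gate, beside the hardened check.

Constructed example: two tiny loopback HTTP servers model the behaviour
described in the advisory.  The cookie name, paths and session token are
assumptions for the demo, not SoftNAS's real values.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "session"                         # assumed cookie name
VALID_SESSIONS = {"k3p0ZmRhX3NlY3JldA"}     # constructed server-side session store


def _cookie_value(handler):
    """Return the value of COOKIE from the request's Cookie header, or None."""
    raw = handler.headers.get("Cookie", "")
    for part in raw.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE:
            return value
    return None


class WeakHandler(BaseHTTPRequestHandler):
    """Flawed gate: redirect to login only when the cookie is absent."""

    def do_GET(self):
        if _cookie_value(self) is None:    # presence check only
            self.send_response(302)
            self.send_header("Location", "/login")
            self.end_headers()
            return
        self.send_response(200)            # any cookie value gets through
        self.end_headers()
        self.wfile.write(b"webadmin")

    def log_message(self, *args):          # keep the demo quiet
        pass


class HardenedHandler(WeakHandler):
    """Fixed gate: the cookie value must name a live server-side session."""

    def do_GET(self):
        if _cookie_value(self) not in VALID_SESSIONS:
            self.send_response(302)
            self.send_header("Location", "/login")
            self.end_headers()
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"webadmin")


def serve(handler):
    """Start handler on an ephemeral loopback port; return (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def status(port, cookie=None):
    """GET / with an optional Cookie header; return the HTTP status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Cookie": f"{COOKIE}={cookie}"} if cookie is not None else {}
    conn.request("GET", "/", headers=headers)
    code = conn.getresponse().status
    conn.close()
    return code


def is_vulnerable(port):
    """True when an unauthenticated request is redirected but an arbitrary
    cookie value is accepted: the gate tests presence, not validity."""
    return status(port) == 302 and status(port, "anything") == 200


def demo():
    """Run the probe against both gates; return {name: vulnerable?}."""
    results = {}
    for name, handler in (("weak", WeakHandler), ("hardened", HardenedHandler)):
        srv, port = serve(handler)
        try:
            results[name] = is_vulnerable(port)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())   # {'weak': True, 'hardened': False}
```

The probe deliberately uses a nonsense cookie value rather than trying to guess a real session: a 200 where a 302 was expected is the whole signal. Against a real appliance the same check should only be run with authorisation, and the first mitigation is the one the advisory already names, keeping StorageCenter ports off the internet.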