The security hole left with JNDI for server resources

In Java world, JNDI (Java Naming and Directory Interface) is one very common method for applications to access server resources like data sources, EJB's, JMS queues, file stores etc.
The security risk is that: Not only JNDI can be called by applications hosted in the same container, but also remotely.
In an organization, application server admins do not take care of security risks unknowingly or neglect by assuming they or on a secure LAN. This exposes the resources to grave risk as anyone within LAN can access unauthorized data without being detected and abuse the system.


ctx = null;
Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY, "CONTEXT_FACTORY");
env.put(Context.PROVIDER_URL, "CONTEXT_PROVIDER_URL");
DataSource datasource = (DataSource)initialContext.lookup("DATASOURCE_CONTEXT_NAME");
try {
    ctx = new InitialContext(env);
    Connection conn = datasource.getConnection();
    //perfrom queries with the connection
    conn.close();
} catch (Exception e) {
    e.printStackTrace();
}

So one can query the database just by knowing three things.
  1. Context.INITIAL_CONTEXT_FACTORY : this is container object reference
  2. Context.PROVIDER_URL : remote url of the container
  3.  DATASOURCE_CONTEXT_NAME : name of the datasource configured in container
One can know about INITIAL_CONTEXT_FACTORY if they know the type of container, example it would be "com.ibm.websphere.naming.WsnInitialContextFactory"

Provider URL is the URL of the container, also provide the port of the container.

Datasource name is little tricky to know, but assume you know it (by guessing it, by asking or by reading it from some other place), you can connect to database without knowing database username and password.

Server administrators need to set following parameters to avoid this kind of bypass

Context.SECURITY_PRINCIPAL
Context.SECURITY_CREDENTIALS
 
This attack is limited in Intranet environment only.

Comments

Post a Comment

Popular posts from this blog

Caused by: java.sql.SQLTimeoutException: ORA-01013: user requested cancel of current operation

Many times we encounter this error and think that there might be some JPA issue or network issue. However, the error is pretty explicit in its nature, but still not clear to ring the bell very first time. As the error says there is a timeout, and since Oracle is saying, we shall accept it. Another clue is "user requested cancel of current operation". This means that the connection was closed by the application server not the database server, hence it can be safely concluded that application has configured timeouts on transactions at its end. However, if you feel that this transaction should have been concluded within the application server limits, your doubt might be true. This problem can arise in case there is a lock on the record being updated by JPA or lock on the table in which JPA is attempting to insert. The lock is most probably being held by some other application, and since application server configuration is on aggressive SLA, the transaction is waiting its...
Read more

pandas dataframe add missing date from range in a multi-dimensional structure with duplicate index

This solution demonstrates how to fill in the missing dates in a given range in a multi-index pandas dataframe. The complexity is added by the presence of duplicate dates in the given data, where the date is considered as an index. In case you try to reindex a data frame with duplicate indexes, you will get the following error. ValueError : cannot reindex from a duplicate axis To resolve this situation and to achieve the end goal of refitting dataset with missing indexes, following pseudo code can be used. Read multidimensional data into pandas dataframe (dataset), with date column as an index (only one index). Transform dataframe index created above into datetime index type Create a new dataframe (d) with the required date range, and value of other records as null Append 'd' into 'dataset' Set index of 'dataset' to include more column to create a multi-level index Reindex to 'dataset', and fill the desired value. The example python co...
Read more

Delete horizontal, vertical and angled lines from an image using Python to clear noise and read text with minimum errors

I was working on an algorithm to detect lines in a image. I found many solutions online, but none of them seem to work to my satisfaction. Thereafter, I decided to write an algorithm, which can work to my satisfaction. This algorithm can detect horizontal, vertical and angled lines. Following is the pseudo code of the algorithm. The implementation is in Python and it uses third party code. pix_array = Convert the image into 2D pixel array  Mono chromate the pixel array by setting values between 0-200 as 0 (black) and greater than 200 as 255(white) as  image_width = length of pix_array[0] image_height = length of pix_array Loop through pix_array, i.e. 1 pixel high horizontal slice of image: h = x coordinate of current pixel k = y coordinate of current pixel choose a value of radius as r draw a circle taking h,k as center using equation (X-h)^2 + (Y-k)^2 = r^2 derive values of X and Y and check if pix_arrY[X][Y] is black (0) if black add them to possible line c...
Read more