Davinder Tutorials

A Critical Security Flaw in LiteSpeed Cache: Insights on CVE-2024-44000

September 06, 2024 Davinder

A new and significant security vulnerability has been uncovered in the LiteSpeed Cache plugin, which is used by millions of WordPress sites to enhance their performance. The vulnerability, identified as CVE-2024-44000, was brought to light by Rafie Muhammad of Patchstack on August 22, 2024. This issue, classified as an unauthenticated account takeover vulnerability, has prompted urgent updates from the plugin's developers.

What is CVE-2024-44000?

CVE-2024-44000 is a serious security flaw related to the debug logging feature of the LiteSpeed Cache plugin. When this feature is enabled, it logs all HTTP response headers, including sensitive "Set-Cookie" headers, into a file. These cookies are used for user authentication, which means that if an attacker can access this log file, they could potentially hijack administrative sessions and take over the site.

Exploitation Pathway

To exploit this vulnerability, an attacker needs to access the debug log file located at /wp-content/debug.log. If there are no restrictions like .htaccess rules to block access to this file, attackers can easily obtain it by knowing the URL. This access could allow them to steal session cookies from any user who was logged in while debugging was active. Even historical session cookies could be at risk if the logs are not cleared regularly.

Response and Mitigation

LiteSpeed Technologies acted swiftly to address the issue, releasing an updated version of the plugin (6.5.0.1) to mitigate the vulnerability. The key changes in this update include:

Moving Log Files: The debug log files are now stored in a new directory (/wp-content/litespeed/debug/), separating them from other WordPress files.
Randomizing File Names: This makes it more difficult for attackers to guess log file names.
Eliminating Cookie Logging: The update removes the practice of logging session cookies.
Adding Protective Measures: A dummy index file has been introduced to further protect the log directory.

Site administrators are advised to delete any existing debug.log files from their servers to eliminate the risk of compromised session cookies. Additionally, configuring .htaccess rules to block direct access to the new log files is recommended to prevent brute-force attacks on randomized filenames.

Wider Security Concerns

This vulnerability is part of a broader pattern of security challenges facing the LiteSpeed Cache plugin. Earlier in 2024, two other critical vulnerabilities were reported: CVE-2023-40000, an unauthenticated cross-site scripting flaw, and CVE-2024-28000, a privilege escalation issue. These vulnerabilities have led to a surge in attacks, with significant numbers of attempted exploits reported.

With over 375,000 downloads of the updated plugin version on its release day, the urgency for site administrators to address this issue is clear. Despite the release of the fix, a substantial number of sites remain vulnerable, making it imperative for users to act quickly.

Conclusion

The discovery of CVE-2024-44000 highlights the ongoing need for vigilance and timely updates in website security. Site administrators should ensure they implement the latest updates and follow best practices to protect their WordPress sites from emerging threats. Staying informed and proactive is key to maintaining a secure online environment.

How to setup Vapi Machine for API testing

May 03, 2024 Davinder

When you want to practise OWASP Top 10 API , then someday you need to setup this machine for practise purpose.

I am writing this article just to help you with installation steps.

davinder@Davinders-MacBook-Air ~ % ls

Applications Personal Work

Desktop Pictures api

Documents Projects bugbounty

Downloads Public codeql

Library PycharmProjects go

Movies Sites nuclei-templates

Music Study sonarqube

First I created a folder name api and switched inside that folder

davinder@Davinders-MacBook-Air ~ % cd api

After that I created another folder and go inside that lab folder

davinder@Davinders-MacBook-Air api % cd lab

Now we will clone the required machine files as:

davinder@Davinders-MacBook-Air lab % git clone https://github.com/roottusk/vapi.git

Cloning into 'vapi'...

remote: Enumerating objects: 8832, done.

remote: Counting objects: 100% (804/804), done.

remote: Compressing objects: 100% (424/424), done.

remote: Total 8832 (delta 376), reused 734 (delta 340), pack-reused 8028

Receiving objects: 100% (8832/8832), 24.34 MiB | 8.47 MiB/s, done.

Resolving deltas: 100% (2441/2441), done.

Updating files: 100% (7326/7326), done.

Now we switch the vapi directory

davinder@Davinders-MacBook-Air lab % cd vapi

Now run the following commands:

davinder@Davinders-MacBook-Air vapi % sudo docker-compose up -d

Password:

WARN[0000] The "APP_NAME" variable is not set. Defaulting to a blank string.

WARN[0000] The "PUSHER_APP_KEY" variable is not set. Defaulting to a blank string.

WARN[0000] The "PUSHER_APP_CLUSTER" variable is not set. Defaulting to a blank string.

WARN[0000] /Users/davinder/api/lab/vapi/docker-compose.yml: `version` is obsolete

[+] Running 31/31

✔ phpmyadmin Pulled 24.8s

✔ faef57eae888 Pull complete 2.8s

✔ 989a1d6c052e Pull complete 1.1s

✔ 0705c9c2f22d Pull complete 4.4s

✔ 621478e043ce Pull complete 2.1s

✔ 98246dcca987 Pull complete 4.7s

✔ bfed8c155cb6 Pull complete 4.6s

✔ 7a7c2e908867 Pull complete 6.6s

✔ d176994b625c Pull complete 6.0s

✔ 2d8ace6a2716 Pull complete 5.6s

✔ c70df516383c Pull complete 7.1s

✔ 15e1b44fe4c7 Pull complete 7.1s

✔ 65e50d44e95a Pull complete 7.6s

✔ 77f68910bc0a Pull complete 8.0s

✔ 605dd3a6e332 Pull complete 8.2s

✔ 99ce27188f07 Pull complete 8.6s

✔ 74d64e32c5d5 Pull complete 9.4s

✔ ef5fc9928b9f Pull complete 9.4s

✔ 163f3256e112 Pull complete 9.6s

✔ db Pulled 50.3s

✔ c6a0976a2dbe Pull complete 10.9s

✔ ae691a8c1b16 Pull complete 9.7s

✔ 8fe011e50abc Pull complete 10.1s

✔ c5c88c8fbaa8 Pull complete 11.0s

✔ 25d028b2b1f1 Pull complete 11.2s

✔ a2cbeb759403 Pull complete 11.9s

✔ e8ceebeb4e87 Pull complete 13.5s

✔ 70daaf3f7c42 Pull complete 12.4s

✔ 01f4c19f9b85 Pull complete 14.9s

✔ 0c347df2d48a Pull complete 43.5s

✔ 8903dbcded2d Pull complete 14.6s

[+] Building 105.2s (17/17) FINISHED docker:desktop-linux

=> [www internal] load build definition from Dockerfile 0.1s

=> => transferring dockerfile: 580B 0.0s

=> [www internal] load metadata for docker.io/library/composer:latest 3.7s

=> [www internal] load metadata for docker.io/library/php:7.4-apache 3.6s

=> [www auth] library/php:pull token for registry-1.docker.io 0.0s

=> [www auth] library/composer:pull token for registry-1.docker.io 0.0s

=> [www internal] load .dockerignore 0.0s

=> => transferring context: 2B 0.0s

=> [www stage-0 1/8] FROM docker.io/library/php:7.4-apache@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d 37.0s

=> => resolve docker.io/library/php:7.4-apache@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d 0.0s

=> => sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d 1.86kB / 1.86kB 0.0s

=> => sha256:f3ac85625e767ee0ec42b5a2ef93880251cd973b86f77124c4ed39bccd2f8bf9 30.06MB / 30.06MB 1.3s

=> => sha256:cef99caa15fe8fdcd9b6edce648170b984bb470cb4fd7c3470a8677cbf70ccf6 3.04kB / 3.04kB 0.0s

=> => sha256:fe6d1ba7ae23775176ca857c2af51839443b978af2b711a771f4e8457dcef9d6 12.52kB / 12.52kB 0.0s

=> => sha256:52c4af7a39c39eedcaf52194d52f333a71017ffe436a4e3725ebeb10f91baccf 86.93MB / 86.93MB 3.8s

=> => sha256:826c69643efc7a2fa413b41d83553f587c092a532d2d6582de3caf323e79a005 226B / 226B 1.3s

=> => sha256:48bbb37a166bb998d4d6855dd70df915916376afc2a7eb0646a4453bbd43e8d6 19.17MB / 19.17MB 2.8s

=> => extracting sha256:f3ac85625e767ee0ec42b5a2ef93880251cd973b86f77124c4ed39bccd2f8bf9 9.2s

=> => sha256:946bbe7211684bcd10ae8486cd441fc15f18504b0795e1bbc3b0687b492b215e 269B / 269B 1.9s

=> => sha256:c5ba13601c856716cb7971ee60f01f0138236c05cadff15fd387bd5308610f98 475B / 475B 2.5s

=> => sha256:e63b292a06a12240a013c7c7fc0ccc4117d2e75937b72ec7aa64b77333157619 510B / 510B 3.1s

=> => sha256:ac2e4aa724ec9f16deec3d76b47c10c6416bdc26682dcbd436831f789ef66ab5 10.76MB / 10.76MB 4.0s

=> => sha256:60f3998c5ba63dc3318a94cdcd5edb313a1d9f325e5be9fef1e36a83db40ab1c 493B / 493B 3.9s

=> => sha256:988fd8f2e2a7cea48d53220bcfd81139bcdf83c3d7390a6e621f0490748a0762 10.00MB / 10.00MB 4.6s

=> => sha256:dc1c2b16275e20d87f9de7355eda30f5d6a84fea15e01fdac4600fa3d0f7a45a 2.46kB / 2.46kB 4.3s

=> => sha256:a0a2e1d76bfef0e3b37afb36c4e1ff0398f1f92988f2b1cacc63e953fd4e203d 244B / 244B 4.4s

=> => sha256:3a667e35f6ca703bb8fed26fbcdb5dc8c6819a82112f6c4da8dd9441e6c222c3 891B / 891B 4.7s

=> => extracting sha256:826c69643efc7a2fa413b41d83553f587c092a532d2d6582de3caf323e79a005 0.0s

=> => extracting sha256:52c4af7a39c39eedcaf52194d52f333a71017ffe436a4e3725ebeb10f91baccf 17.0s

=> => extracting sha256:946bbe7211684bcd10ae8486cd441fc15f18504b0795e1bbc3b0687b492b215e 0.0s

=> => extracting sha256:48bbb37a166bb998d4d6855dd70df915916376afc2a7eb0646a4453bbd43e8d6 4.2s

=> => extracting sha256:c5ba13601c856716cb7971ee60f01f0138236c05cadff15fd387bd5308610f98 0.0s

=> => extracting sha256:e63b292a06a12240a013c7c7fc0ccc4117d2e75937b72ec7aa64b77333157619 0.0s

=> => extracting sha256:ac2e4aa724ec9f16deec3d76b47c10c6416bdc26682dcbd436831f789ef66ab5 0.5s

=> => extracting sha256:60f3998c5ba63dc3318a94cdcd5edb313a1d9f325e5be9fef1e36a83db40ab1c 0.0s

=> => extracting sha256:988fd8f2e2a7cea48d53220bcfd81139bcdf83c3d7390a6e621f0490748a0762 1.8s

=> => extracting sha256:dc1c2b16275e20d87f9de7355eda30f5d6a84fea15e01fdac4600fa3d0f7a45a 0.0s

=> => extracting sha256:a0a2e1d76bfef0e3b37afb36c4e1ff0398f1f92988f2b1cacc63e953fd4e203d 0.0s

=> => extracting sha256:3a667e35f6ca703bb8fed26fbcdb5dc8c6819a82112f6c4da8dd9441e6c222c3 0.0s

=> [www internal] load build context 4.2s

=> => transferring context: 37.89MB 4.1s

=> [www] FROM docker.io/library/composer:latest@sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 24.6s

=> => resolve docker.io/library/composer:latest@sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 0.0s

=> => sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 1.65kB / 1.65kB 0.0s

=> => sha256:f6fee97370fbde11b86c2a571f1788aefc29e29672dbb8ceeb66785dc62b5de0 11.61kB / 11.61kB 0.0s

=> => sha256:84daa36296e4131baa878696b156f234bdbba14d45c098d535a7977d133cc2c9 3.25kB / 3.25kB 0.0s

=> => sha256:af252c8885a7ef2b1e85bce006efb30a7c8fb938ae8b50557ac99f551db6347d 2.82MB / 2.82MB 5.2s

=> => sha256:41380dbb2574885d6efd5d44c03067af395ce0303f74e6aa7a08b639904dfb09 1.26kB / 1.26kB 5.3s

=> => sha256:3a0a53e1b8079d8de445a7d2739eb1b065a4df2f537d45e8ceaeeb4469bc61a2 268B / 268B 5.5s

=> => extracting sha256:af252c8885a7ef2b1e85bce006efb30a7c8fb938ae8b50557ac99f551db6347d 0.4s

=> => sha256:83a1cb08c153498a9be7caaa2185c10e49058066ae96cb5f9a71d928b5b615a5 499B / 499B 5.6s

=> => sha256:e047714a905aeb3085f24804f128f996f8652475104aabeccc96d46e2b5d8741 12.49MB / 12.49MB 6.1s

=> => sha256:a823bdce6d4900de117ddad0572b8f58c795e051543a1ffcbdf9d23626dea6e4 19.65MB / 19.65MB 8.6s

=> => sha256:0a5912cb7b33d5cc4c747e9c6e85606d780d02ed0db3eb60130baa080178dce3 2.45kB / 2.45kB 6.1s

=> => extracting sha256:41380dbb2574885d6efd5d44c03067af395ce0303f74e6aa7a08b639904dfb09 0.0s

=> => sha256:00793d4382f7a2149912ef9897d9923ba0894f13a9bc62438ba9dded2b9bdba1 19.11kB / 19.11kB 6.5s

=> => sha256:c7a2a6c176a1976be48907ffc0136b5aa7728f82e5ba4107f3627aeb9953c878 33.24MB / 33.24MB 7.4s

=> => extracting sha256:3a0a53e1b8079d8de445a7d2739eb1b065a4df2f537d45e8ceaeeb4469bc61a2 0.0s

=> => extracting sha256:e047714a905aeb3085f24804f128f996f8652475104aabeccc96d46e2b5d8741 0.5s

=> => sha256:12daba0c8ab18c465f6334989a062567fadd24887fe1b1b1b49494c843ec3768 263B / 263B 7.0s

=> => sha256:ec67af609aee28b376fa933d6b9f9dd83e49c9ea1d3cf9c985ca37771d7ab785 15.98MB / 15.98MB 8.1s

=> => extracting sha256:83a1cb08c153498a9be7caaa2185c10e49058066ae96cb5f9a71d928b5b615a5 0.0s

=> => sha256:6b2b5ac8f88d87baa1de849a80f12e9e5640dfdeaeb9f4c9c1d930ed41a6e709 418B / 418B 8.0s

=> => sha256:c551c33f70b76b959018ace3055ab9852ce783f34744811ef215a57d56f5ac26 124B / 124B 8.4s

=> => extracting sha256:a823bdce6d4900de117ddad0572b8f58c795e051543a1ffcbdf9d23626dea6e4 2.1s

=> => extracting sha256:0a5912cb7b33d5cc4c747e9c6e85606d780d02ed0db3eb60130baa080178dce3 0.0s

=> => extracting sha256:00793d4382f7a2149912ef9897d9923ba0894f13a9bc62438ba9dded2b9bdba1 0.0s

=> => extracting sha256:c7a2a6c176a1976be48907ffc0136b5aa7728f82e5ba4107f3627aeb9953c878 5.7s

=> => extracting sha256:12daba0c8ab18c465f6334989a062567fadd24887fe1b1b1b49494c843ec3768 0.0s

=> => extracting sha256:ec67af609aee28b376fa933d6b9f9dd83e49c9ea1d3cf9c985ca37771d7ab785 5.6s

=> => extracting sha256:6b2b5ac8f88d87baa1de849a80f12e9e5640dfdeaeb9f4c9c1d930ed41a6e709 0.0s

=> => extracting sha256:c551c33f70b76b959018ace3055ab9852ce783f34744811ef215a57d56f5ac26 0.0s

=> [www stage-0 2/8] RUN docker-php-ext-install mysqli pdo_mysql 35.9s

=> [www stage-0 3/8] RUN apt-get update && apt-get install -y libzip-dev && apt-get install -y zlib1g-dev && rm -rf /var/lib/apt/lists/* && docker-php-ext-install zip 21.1s

=> [www stage-0 4/8] COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer 0.1s

=> [www stage-0 5/8] COPY ./vapi /var/www/html/vapi 3.6s

=> [www stage-0 6/8] RUN rm /var/www/html/vapi/.env 0.4s

=> [www stage-0 7/8] RUN echo "flag{ssrf_e0pgt3az9zeqdd4fhatc}" > /flag.txt 0.4s

=> [www stage-0 8/8] RUN php /var/www/html/vapi/artisan config:cache 1.1s

=> [www] exporting to image 1.6s

=> => exporting layers 1.5s

=> => writing image sha256:c5c7f8b275de7c0a59ffd1988ba18581ef120e17f11a4aadedf002741dcb467f 0.0s

=> => naming to docker.io/library/vapi-www 0.0s

[+] Running 6/5

✔ Network vapi_default Created 0.1s

✔ Volume "vapi_persistent" Created 0.0s

✔ Container vapi-db-1 Created 0.2s

✔ Container vapi-phpmyadmin-1 Create... 0.2s

✔ Container vapi-www-1 Created 0.1s

! phpmyadmin The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested 0.0s

⠋ Container vapi-db-1 Starting 0.0s

Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:3306 -> 0.0.0.0:0: listen tcp 0.0.0.0:3306: bind: address already in use

davinder@Davinders-MacBook-Air vapi % sudo docker-compose up -d

WARN[0000] The "PUSHER_APP_CLUSTER" variable is not set. Defaulting to a blank string.

WARN[0000] The "APP_NAME" variable is not set. Defaulting to a blank string.

WARN[0000] The "PUSHER_APP_KEY" variable is not set. Defaulting to a blank string.

WARN[0000] /Users/davinder/api/lab/vapi/docker-compose.yml: `version` is obsolete

[+] Running 3/3

✔ Container vapi-db-1 Started 0.2s

✔ Container vapi-phpmyadmin-1 Started 0.3s

✔ Container vapi-www-1 Started 0.2s

davinder@Davinders-MacBook-Air vapi %

After successful installation. You will see something like this:

Davinder Tutorials

This blog is all about Cyber Security and IT

Friday, September 6, 2024

A Critical Security Flaw in LiteSpeed Cache: Insights on CVE-2024-44000

Wednesday, September 4, 2024

What is EU AI Act 2024?

Now lets identify risk level for chat GPT?

Thursday, July 25, 2024

Use of a Broken or Risky Cryptographic Algorithm

Impact

Friday, May 3, 2024

How to setup Vapi Machine for API testing

Vulnerabilities

About Me

Hack The Box Rank

Try Hack Me Rank

Popular Posts

Davinder Tutorials

This blog is all about Cyber Security and IT

Subscribe To

Friday, September 6, 2024

A Critical Security Flaw in LiteSpeed Cache: Insights on CVE-2024-44000

Wednesday, September 4, 2024

What is EU AI Act 2024?

Now lets identify risk level for chat GPT?

Thursday, July 25, 2024

Use of a Broken or Risky Cryptographic Algorithm

Impact

Friday, May 3, 2024

How to setup Vapi Machine for API testing

Vulnerabilities

About Me

Hack The Box Rank

Try Hack Me Rank

Popular Posts