NGINX UI critical vulnerability enables hackers to download full system backups


A critical vulnerability is affecting the NGINX UI, a widely used third-party web management tool for NGINX, the most popular web server. Unauthenticated attackers can download a full system backup with user credentials, session tokens, SSL private keys, configurations, and other sensitive data.

All previous NGINX UI versions are vulnerable, and the maintainers urge upgrading the software to version 2.3.3. This web UI tool has 10,800 stars on GitHub.

“The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header,” the maintainer, who goes by the alias 0xJacky, explains in the security advisory.


Exploitation is trivial: an attacker only needs to send a single crafted HTTP request to achieve full server compromise. Proof-of-concept code has also been released. The vulnerability is rated critical, with a CVSS score of 9.8 out of 10.


“This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately,” the maintainer warns.


This open-source tool isn’t a standard NGINX component and isn’t installed by default. However, many administrators prefer managing NGINX through a web dashboard rather than editing configuration files directly.

Attackers can only exploit NGINX UI instances whose endpoints are exposed to the public internet. The best practice is to restrict administrative interfaces to internal networks only.
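As an added example (not from the article or the NGINX UI project), the script below shows how a defender can sweep NGINX access logs for successful, unauthenticated-looking downloads of the /api/backup endpoint from outside the internal ranges where the dashboard should be used. The log lines and the trusted network ranges are constructed for the demo; adjust them to your environment.

```python
import ipaddress
import re

# Constructed sample lines in the NGINX "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /api/backup HTTP/1.1" 200 1048576 "-" "curl/8.4.0"
203.0.113.7 - - [12/May/2025:10:05:44 +0000] "GET /api/backup HTTP/1.1" 200 1048576 "-" "python-requests/2.31"
203.0.113.7 - - [12/May/2025:10:05:50 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [12/May/2025:10:07:11 +0000] "GET /api/backup?x=1 HTTP/1.1" 403 0 "-" "curl/8.4.0"
"""

# Parses client IP, timestamp, method, request path, status and response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Networks from which the dashboard is expected to be used (assumed for this demo).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_trusted(ip: str) -> bool:
    """True if the client address falls inside one of the trusted internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_backup_downloads(log_text: str) -> list[dict]:
    """Return successful (HTTP 200) /api/backup downloads from non-trusted addresses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # drop any query string before comparing
        if path != "/api/backup" or m["status"] != "200" or is_trusted(m["ip"]):
            continue
        hits.append({"ip": m["ip"], "time": m["ts"], "bytes": m["size"]})
    return hits


if __name__ == "__main__":
    for hit in find_backup_downloads(SAMPLE_LOG):
        print(f"ALERT: backup downloaded by {hit['ip']} at {hit['time']} ({hit['bytes']} bytes)")
```

Any hit from a public address on an instance running a version older than 2.3.3 should be treated as a likely compromise of everything the backup contains, since the article notes the decryption key travels with the response.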
