Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability affects File Browser, a web-based file management tool, when configured for proxy authentication. An unauthenticated attacker can impersonate any user, including administrators, by sending a forged HTTP header, and can also create new user accounts without authorization. The primary concern is to confirm if this tool is in use and, if so, whether it is configured with proxy authentication to assess potential exposure.
- Allows impersonation and unauthorized account creation.
- Impacts systems using proxy authentication.
- Confirm relevance and exposure within your environment.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker who can reach the File Browser server can impersonate any user, including an administrator, by sending a specially crafted HTTP header. This bypasses the need for credentials and allows the attacker to take over user accounts or create new ones without authorization, leading to significant control over the system.
- Attacker can reach the server.
- Attacker sends a forged HTTP header.
- Full account takeover and creation.
Live Threat
Current exploitation, exposure, and threat context
When File Browser is configured with proxy authentication, an unauthenticated attacker could impersonate any user, including an administrator, by sending a forged HTTP header. This vulnerability also allows for the creation of new user accounts without authorization.
- File management access and user accounts.
- Forged HTTP header impersonation.
- Unauthorized access and user creation.
Operational Fix
Recommended remediation, mitigation, and detection steps
This critical vulnerability in File Browser, when configured with proxy authentication, allows unauthenticated attackers to impersonate any user, including administrators, and create new accounts without authorization by sending a forged HTTP header. The first step for any team is to locate all instances of File Browser, determine their reachability and business criticality, identify the accountable owner, and then plan remediation based on the assessed risk.
- Identify application owners and infrastructure.
- Verify proxy authentication configuration and reachability.
- Plan remediation during maintenance windows.