Rewterz

Rewterz Threat Alert – Borat RAT – Active IOCs

April 4, 2022
Rewterz

Rewterz Threat Advisory – Multiple Microsoft Edge (Chromium-based) Vulnerabilities

April 5, 2022

Rewterz Threat Advisory – CVE-2022-1162 – GitLab Password Security Vulnerability

Severity

High

Analysis Summary

The exploitation of CVE-2022-1162 can allow a threat actor to guess a hard-coded password for any GitLab account with relative ease. The root cause of CVE-2022-1162 is in the account registration process using an OmniAuth provider (e.g., OAuth, LDAP, SAML) where a hardcoded password is set with a predictable pattern that allows a threat actor to brute force a registered user’s password based on the pattern. It is important to note that only GitLab deployments where user accounts are created using an OmniAuth provider are in scope for being vulnerable to CVE-2022-1162.

Impact

  • Credential Theft
  • Account Compromise

Indicators Of Compromise

CVE

  • CVE-2022-1162

Affected Vendors

  • GitLab

Affected Products

  • GitLab CE/EE versions 14.7 prior to 14.7.7
  • GitLab CE/EE versions 14.8 prior to 14.8.5
  • GitLab CE/EE versions 14.9 prior to 14.9.2

Remediation

Upgrade to the latest patches (versions 14.9.2, 14.8.5, and 14.7.7) and updates here. This is a critical vulnerability and patches should be updated instantaneously.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.