Wazuh Dashboard Users Beware – Security Flaw Allows Unauthorized Access

CVE: CVE-2023-42455
CVSS (v3.1): 8.8
Source: CVE-2023-42455

Wazuh is an open source security monitoring tool used by many organizations to detect threats and ensure compliance. Unfortunately, versions 4.4.0 and 4.4.1 of its dashboard component contain a vulnerability that could allow unauthorized access.

The issue is that any user logged into the dashboard, regardless of their assigned role, can view the Wazuh API administrator key directly in the browser's developer tools. This key can then be used to take full control of the API and gain administrator privileges without proper authorization.

Attackers could exploit this by simply logging into an exposed dashboard instance and extracting the secret key. They would then be able to access and modify all configuration, rules and data within the Wazuh platform. For organizations relying on it for security and auditing, this type of privilege escalation could have serious consequences.

The good news is Wazuh developers have addressed the problem in version 4.4.2. All users are strongly recommended to upgrade immediately. As an additional precaution, consider restricting dashboard access to trusted internal networks only for now. Also confirm your API keys have not been compromised by checking activity logs for unusual changes.
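One way to run the activity-log check suggested above, as an added example that is not from the Wazuh project or the original article. It assumes the API log uses the line layout shown in the first comment and that state-changing requests should only arrive from a known set of source IPs; `suspicious_api_writes`, `trusted_ips` and the sample lines are constructed for illustration.

```python
import re

# Assumed API log line layout (verify against your own log before relying on it):
# 2023/06/01 10:15:02 INFO: wazuh-wui 10.0.0.5 "GET /agents" with parameters {} and body {} done in 0.012s: 200
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \w+: '
    r'(?P<user>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)"'
    r'.*: (?P<status>\d{3})$'
)
WRITE_METHODS = {"PUT", "POST", "DELETE"}


def suspicious_api_writes(lines, trusted_ips):
    """Return successful state-changing API requests from IPs outside trusted_ips."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a request record (startup messages, tracebacks, ...)
        rec = m.groupdict()
        if (rec["method"] in WRITE_METHODS
                and rec["status"].startswith("2")
                and rec["ip"] not in trusted_ips):
            hits.append(rec)
    return hits


# Constructed sample lines, not real log data. 10.0.0.5 stands for the dashboard host.
SAMPLE = [
    '2023/06/01 10:15:02 INFO: wazuh-wui 10.0.0.5 "GET /agents" with parameters {} and body {} done in 0.012s: 200',
    '2023/06/01 10:16:40 INFO: wazuh-wui 10.0.0.5 "PUT /agents/group" with parameters {"group_id": "web"} and body {} done in 0.020s: 200',
    '2023/06/01 23:41:09 INFO: wazuh-wui 203.0.113.77 "PUT /manager/configuration" with parameters {} and body {} done in 0.031s: 200',
    '2023/06/01 23:42:11 INFO: wazuh-wui 203.0.113.77 "DELETE /rules/files/local_rules.xml" with parameters {} and body {} done in 0.018s: 200',
    '2023/06/01 23:43:00 INFO: wazuh-wui 203.0.113.77 "DELETE /agents" with parameters {"status": "all"} and body {} done in 0.004s: 403',
    '2023/06/01 23:43:05 INFO: Listening on 0.0.0.0:55000',
]

if __name__ == "__main__":
    for hit in suspicious_api_writes(SAMPLE, trusted_ips={"10.0.0.5"}):
        print(hit["ts"], hit["user"], hit["ip"], hit["method"], hit["path"], hit["status"])
```

Any hit is a lead for review rather than proof of compromise; add the addresses of administrators who legitimately call the API to `trusted_ips` to cut noise.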

Staying on top of software updates is critical for security. This incident serves as an important reminder of how even minor flaws could be leveraged by motivated attackers if not promptly patched.
