Added Template to detect Exposed Instances of RLOS Cabinet Management… #10387
Conversation
|
Hi @NoelV11 Can you share some link or reference to this ? Thanks |
|
Good evening @DhiyaneshGeek , If i may ask, do you require the link to a vulnerable instance to test this, or for the RLOS System software documentation in general? As far as i have seen, there have been no mentions of this being detected previously https://www.edms-consultants.com/newgen-rlos/ Thank you |
|
Hi @NoelV11 i have made some changes to the template and moved to the correct directory Let me know if these changes looks good Thanks for sharing this template to the community and contributing to the template project 😄 |
|
Good evening @DhiyaneshGeek, Wanted to make a small clarification, this template supports detection of exposed panel for any host and does not rely on specific subdomain address. |
|
Hi @NoelV11 let's keep this template as it is and feel free to send us a another PR for panel detection Thanks |
|
Thank you @DhiyaneshGeek , we can go ahead with this template and make it available publicly, once reviewed. Thank you for spearheading and maintaining such an awesome initiative 💯 |
… Panel
Template / PR Information
Description: Retail Loan Origination Systems,developed by NewGen Software is used to streamline consumer loan origination from banking institutions, with end-to-end automation of loan requests in a paperless environment. A Cabinet Panel is used by an RLOS Service to manage storage volumes, that in turn store documents, containing customer PII submitted through the webapp. The RLOS Web Application is deployed on a special service subdomain on of the client's domain infrastructure - with the suffix “rlos" (for example - rlos.company_domain.com) . The path to the Cabinet Storage is omniapp/pages/cabinet/managecabinet.jsf?Action=1. If exposed, it gives an attacker insight into information such as Storage Volume Name, Cabinet Name, it's alias, Deployed AppServer IP Address and Port
Impact: An attacker can deploy foreign application server instances on the panel using breached credentials for the subdomain, access information about the volume storage and escalate the misconfiguration, by de-registering existing storage systems, so as to route all documents submitted through the platform on an adversary-controlled application server, potentially leading to further compromise.
Template Validation
I've validated this template locally?
Additional Details (leave it blank if not applicable)
Additional References: