GTT Tax Information System Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in the GTT Tax Information System application, specifically in the Active Directory (LDAP) login process. The application performs authentication over a local WebSocket but does not validate the authenticity or origin of the data it receives. An attacker with access to the local machine or the internal network can therefore impersonate the legitimate WebSocket endpoint and inject manipulated information. Successful exploitation allows the attacker to authenticate as any user in the domain without valid credentials, compromising the application's data and functionality.
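The checks the advisory says are missing, as an added illustration that is not the GTT application's code: a receiver that trusts an identity assertion from a local WebSocket only if its Origin is on an allowlist, its HMAC (keyed with a secret the application and the legitimate local endpoint share out of band) verifies, and its timestamp and nonce show it is fresh rather than replayed. The key, origin, message layout and field names are all assumptions.

```python
"""Constructed example (not the GTT application's code): trust an identity
assertion from a local WebSocket only after checking origin, signature and
freshness. Assumed, not in the advisory: the legitimate local endpoint and the
application share a pre-shared key; messages are JSON {user, ts, nonce, mac}."""
import hashlib
import hmac
import json
import time

ALLOWED_ORIGINS = {"https://tax-app.example.internal"}  # constructed allowlist
MAX_SKEW_SECONDS = 30
DEMO_KEY = b"constructed-demo-key-do-not-reuse"

def _mac(key: bytes, user: str, ts: int, nonce: str) -> str:
    # Bind user, time and nonce together so no field can be swapped on its own.
    return hmac.new(key, f"{user}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()

def sign_assertion(key: bytes, user: str, ts: int, nonce: str) -> str:
    """What the legitimate local endpoint sends after a successful AD/LDAP login."""
    return json.dumps({"user": user, "ts": ts, "nonce": nonce,
                       "mac": _mac(key, user, ts, nonce)})

def verify_assertion(key: bytes, origin: str, raw: str, seen_nonces: set, now=None):
    """Return the asserted user, or None if the message must not be trusted.
    The vulnerable pattern is json.loads(raw)["user"]: it believes anything on the socket."""
    if origin not in ALLOWED_ORIGINS:                 # foreign or missing Origin
        return None
    try:
        m = json.loads(raw)
        user, ts, nonce, mac = m["user"], int(m["ts"]), m["nonce"], m["mac"]
    except (ValueError, KeyError, TypeError):
        return None
    if not all(isinstance(x, str) for x in (user, nonce, mac)):
        return None
    now = int(time.time()) if now is None else now
    if abs(now - ts) > MAX_SKEW_SECONDS:              # stale or pre-dated message
        return None
    if nonce in seen_nonces:                          # replay of a seen message
        return None
    if not hmac.compare_digest(mac.encode(), _mac(key, user, ts, nonce).encode()):
        return None                                   # forged or tampered
    seen_nonces.add(nonce)
    return user

if __name__ == "__main__":
    seen, origin, now = set(), "https://tax-app.example.internal", 1_700_000_000
    good = sign_assertion(DEMO_KEY, "alice", now, "n1")
    print(verify_assertion(DEMO_KEY, origin, good, seen, now))  # alice
    print(verify_assertion(DEMO_KEY, origin, good, seen, now))  # None (replayed)
```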
Impact
Exploitation of this vulnerability could allow an attacker to authenticate as any user in the domain, bypassing the need for valid credentials and potentially leading to unauthorized access and actions within the application.
Remediation
The vulnerability has been fixed by disabling the Active Directory (LDAP) authentication method. The issue is no longer exploitable.