Revive Adserver
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*
- 6.0.2
A vulnerability in Revive Adserver versions through 6.0.2 allows the creation of usernames with leading or trailing whitespace. Because the application neither strips nor rejects this whitespace, such usernames can be visually indistinguishable from legitimate ones in the user interface, enabling potential impersonation of administrative accounts. While the vulnerability does not directly grant elevated privileges, it could facilitate social engineering attacks and create confusion in audit logs.
Exploitation of this vulnerability allows for the creation of accounts that appear identical to privileged users, such as administrators. This can be used to impersonate these users, confuse operators, and obscure malicious activities. Additionally, actions taken by the impersonating account may be misattributed to the legitimate admin account, complicating incident response efforts.
To reproduce this vulnerability, log into Revive Adserver with an account that has permission to create new users. Navigate to the 'Users Access' section and select 'Add User'. When prompted to enter a username, include leading or trailing spaces, such as ' admin'. After saving the new user, check the user list or any interface that displays usernames. The newly created account will appear nearly identical to the actual admin account, making it difficult to distinguish between the two.
Users can apply the patch available in the Revive Adserver security advisory SA-2025-004, which is set to be released soon. This patch disallows whitespace in usernames while still allowing full Unicode support.
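The following is an added, illustrative example of the two defensive measures the advisory implies, written in Python rather than Revive Adserver's own PHP code base and not taken from the project: a username validator that rejects any whitespace character (ASCII and Unicode) while otherwise accepting full Unicode, and an audit helper that scans an existing user table for names that collapse onto the same value once edge whitespace is removed, so that accounts created before the fix can be found. The `log_safe` helper renders a username with its whitespace escaped, so that audit-log entries for ` admin` and `admin` no longer look alike. The function names, the policy choices and the sample user list are constructed for this example.

```python
"""Username whitespace hygiene: validation, lookalike audit and log rendering.

Illustrative code written for this page; it is not part of Revive Adserver.
"""
import unicodedata
from collections import defaultdict


def validate_username(username: str) -> str:
    """Return ``username`` unchanged if it is acceptable, else raise ValueError.

    Policy (assumed here, mirroring the advisory's fix): allow full Unicode, but
    reject the empty string and any whitespace character anywhere in the name.
    ``str.isspace`` covers ASCII space/tab/newline as well as Unicode spaces such
    as NO-BREAK SPACE (U+00A0) and IDEOGRAPHIC SPACE (U+3000).
    """
    if not username:
        raise ValueError("username must not be empty")
    for ch in username:
        if ch.isspace():
            label = unicodedata.name(ch, "U+%04X" % ord(ch))
            raise ValueError(f"username contains whitespace: {label}")
    return username


def is_valid_username(username: str) -> bool:
    """Boolean convenience wrapper around validate_username."""
    try:
        validate_username(username)
        return True
    except ValueError:
        return False


def find_lookalike_usernames(usernames):
    """Group usernames that become identical once edge whitespace is stripped.

    Returns {stripped_form: [raw names, ...]} for every group with more than one
    member. Run this over the existing user table after deploying the fix, since
    validation only protects newly created accounts.
    """
    groups = defaultdict(list)
    for name in usernames:
        groups[name.strip()].append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}


def log_safe(username: str) -> str:
    """Render a username for audit logs with every whitespace char escaped.

    The result is quoted and whitespace becomes ``\\uXXXX`` so that ' admin'
    and 'admin' are distinguishable in log text.
    """
    escaped = "".join(
        "\\u%04x" % ord(ch) if ch.isspace() else ch for ch in username
    )
    return "'" + escaped + "'"


if __name__ == "__main__":
    # Constructed sample user table, including two lookalikes of 'admin'.
    existing_users = ["admin", " admin", "admin ", "alice", "b\u00f6b"]
    for name in existing_users:
        print(f"{log_safe(name):16} valid={is_valid_username(name)}")
    print("lookalike groups:", find_lookalike_usernames(existing_users))
```

When run, the audit reports the three `admin` variants as one group, and the validator rejects the two padded names while accepting the Unicode name unchanged.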