
Cequence Discovers Critical Vulnerability in Major Food and Drug Retailer’s IT Infrastructure

Cequence Security announced that its research group, CQ Prime Threat Research, has discovered a critical vulnerability in the IT infrastructure of one of the largest food and drug retailers, affecting four subdomains. These subdomains inadvertently exposed a memory dump endpoint, allowing unauthorized users to download memory dumps, which offer a snapshot of active objects and potentially sensitive information, and to extract sensitive data such as administrator passwords from them.

The vulnerability has a CVSS score of 9.8, indicating critical severity and the potential for massive breaches, which underscores the urgency of addressing it. It was discovered on May 9, 2024, and has since been patched by the retailer’s team working with Cequence.

An open endpoint provides a backdoor to AppDynamics

The exposed memory dump endpoint revealed the username and password of an administrator of AppDynamics, a business monitoring platform that helps organizations monitor and manage the performance of their applications and IT operations. The endpoint allowed attackers to extract memory snapshots directly from the server. These snapshots can be analyzed using tools such as VisualVM to reveal sensitive information, which can then be used to gain unauthorized administrative access to the AppDynamics portal.
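The defensive counterpart to the exposure described above is to know when a memory dump endpoint is being requested at all, and especially when a large response has actually left the server. The following is an added illustration, not Cequence’s tooling or the retailer’s code: it scans web-server access logs in combined format and grades each request to a dump endpoint by source (internal or external) and by whether a dump-sized body was returned. The endpoint paths, the internal network ranges and the log lines are constructed for the example; the press release does not name the real path, so substitute the dump endpoints your own stack exposes.

```python
"""Flag requests to memory-dump endpoints in web-server access logs.

Added example (not Cequence's code). DUMP_PATHS, INTERNAL_NETS and
SAMPLE_LOG are constructed placeholders for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable

# Paths that must never answer without authentication (constructed placeholders).
DUMP_PATHS = {"/internal/memorydump", "/debug/heap"}

# Address ranges treated as internal; anything else is an external client.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A real memory snapshot is tens to hundreds of megabytes; a 200 with a body
# this large means a dump was actually downloaded, not merely probed.
LARGE_BODY_BYTES = 1_000_000

# Apache/nginx combined log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


@dataclass
class Finding:
    ip: str
    path: str
    status: int
    size: int
    severity: str


def is_internal(ip: str) -> bool:
    """True if the client address falls inside one of INTERNAL_NETS."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def classify(ip: str, path: str, status: int, size: int) -> str | None:
    """Return a severity label, or None if the request is not to a dump endpoint."""
    base = path.split("?", 1)[0]          # ignore query strings
    if base not in DUMP_PATHS:
        return None
    external = not is_internal(ip)
    if status == 200 and size >= LARGE_BODY_BYTES:
        return "critical" if external else "high"   # a dump left the server
    if status == 200:
        return "high" if external else "medium"     # endpoint answered; body small
    return "info"  # blocked probe (401/403/404): still worth trending


def scan(lines: Iterable[str]) -> list[Finding]:
    """Parse access-log lines and return one Finding per dump-endpoint request."""
    findings: list[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined-format; skip rather than guess
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        severity = classify(m["ip"], m["path"], int(m["status"]), size)
        if severity:
            findings.append(Finding(m["ip"], m["path"].split("?", 1)[0],
                                    int(m["status"]), size, severity))
    return findings


# Constructed sample log lines (198.51.100.0/24 is a documentation range).
SAMPLE_LOG = [
    '198.51.100.23 - - [09/May/2024:10:15:01 +0000] "GET /internal/memorydump HTTP/1.1" 200 157286400 "-" "curl/8.4.0"',
    '10.20.30.40 - - [09/May/2024:10:16:44 +0000] "GET /debug/heap HTTP/1.1" 200 98304000 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/May/2024:10:17:02 +0000] "GET /internal/memorydump HTTP/1.1" 401 0 "-" "curl/8.4.0"',
    '198.51.100.90 - - [09/May/2024:10:18:10 +0000] "GET /api/orders?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.168.1.5 - - [09/May/2024:10:19:00 +0000] "GET /debug/heap?dl=1 HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.ip} {f.path} status={f.status} bytes={f.size}")
```

The severity split matters operationally: a single external 200 with a dump-sized body is the event the press release describes and warrants an incident, whereas a run of 401s to the same path is a reconnaissance signal worth trending but not paging on.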

With this administrator access, attackers can:

  • Add and remove employee login access
  • Track traffic across all apps, including in-store and online
  • Create policies to review or remove sensitive account information that increases the risk of a data breach
  • Implement policies that prevent normal operations, disable security measures, or create backdoors for future attacks
  • Obtain valid access tokens without proper authorization, allowing them to impersonate legitimate API clients

“The implications of this disclosure are significant,” said Parth Shukla, security engineer at Cequence. “An attacker with access to AppDynamics could potentially monitor all of a retailer’s applications, obtaining information about online orders, customer behavior and even in-store point-of-sale data. This can expose vast amounts of sensitive information and leave the entire operational landscape vulnerable to inspection and manipulation.”

Offensive research based on API Spyder

The CQ Prime Threat Research team discovered the vulnerability through a red-teaming effort using API Spyder, a SaaS-based Cequence discovery tool that provides an attacker’s view of an organization’s public-facing resources in order to detect external API hosts, unauthorized hosting providers, and API security issues.

“Our mission is to make the world safer. That’s why, in addition to defensive research for our customers, we also conduct offensive research to proactively find vulnerabilities before attackers do,” said Randolph Barr, CISO at Cequence. “Our CQ Prime Threat Research Team constantly simulates real-world attacks to identify and neutralize potential threats. This proactive approach ensures we stay one step ahead in protecting our customers and their data.”

Once discovered, the weakness could give an attacker unauthorized access to administrative functions. It meant that an attacker did not need a compromised login and password; instead, they gained the ability to create, update, delete, and modify system operations using their own access credentials.

Additional resources:

  • Learn more about the vulnerability in our latest blog.
  • Follow us on LinkedIn and X.