Arch bugs in BSS
Gleb Cherbov, Security Researcher, Digital Security (ERPScan)
© Digital Security
Banking
Internet banking. Client side
How it worx
(Architecture diagram: ABS; WEB Server + App Server; DBMS; Operator; Operators' environment)
Select a target
(Same architecture diagram, with candidate attack vectors annotated: SQL injection; Insider attack)
Authentication
(Diagram: inside the operators' environment the Operator logs in with oper_login / oper_pass; the application connects to the DBMS as dbo_admin)
dbo_admin
dbo_admin is the only account at the DBMS
dbo_admin has full access
every operator can connect to the DBMS directly
operator authentication happens on the app side
Lookin for a passwd
The dbo_admin password is encrypted and stored in a .cfg file near the app
Quote: "It's impossible to decrypt it" (c) BSS support
Let's take a look
RSA modulus; RSA private exponent; unusual base64 alphabet
Let's take a look
Well… looks like base64?
Also…
Innovative password storage is widely used in BSS products, with the same hardcoded RSA key
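The storage scheme the slides describe (a credential wrapped in base64 over a non-standard alphabet, with the decryption key shipped alongside the product) is a pattern a configuration review should catch before anyone else does. The following Python is an added example for this deck, not BSS code and not part of the original slides: it walks an INI-style config and classifies each value as plaintext, standard base64, or base64-shaped text that uses symbols outside the standard alphabet, so that encoded credentials sitting next to the application get flagged for review. The permuted alphabet, the file layout, the key names and every value are constructed for illustration; the deck does not give the vendor's real alphabet or format.

```python
"""Config-review helper (added example, not BSS code).

Classifies each value in an INI-style config as 'plaintext',
'standard-base64', or 'custom-base64-like' (base64-shaped, but using
symbols outside the standard alphabet). Every alphabet, key name and
value below is constructed for illustration.
"""
import base64
import binascii
import math
from collections import Counter

STD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
STD_SYMBOLS = set(STD_ALPHABET)

# Hypothetical permuted alphabet standing in for the deck's "unusual" one;
# the real one is not on the slides. Upper-case standard symbols map to
# punctuation, so encoded ASCII text visibly leaves the standard alphabet.
CUSTOM_ALPHABET = ("!#$%&*,-.:;<>?@[]^_{}|~" + "0123456789"
                   + "abcdefghijklmnopqrstuvwxyz" + "ABCDE")
_TO_CUSTOM = str.maketrans(STD_ALPHABET, CUSTOM_ALPHABET)
_TO_STD = str.maketrans(CUSTOM_ALPHABET, STD_ALPHABET)


def encode_custom_b64(data: bytes) -> str:
    """Standard base64, then symbol-remapped; '=' padding is left untouched."""
    return base64.b64encode(data).decode("ascii").translate(_TO_CUSTOM)


def decode_custom_b64(text: str) -> bytes:
    """Inverse of encode_custom_b64, used here only for a round-trip check."""
    return base64.b64decode(text.translate(_TO_STD), validate=True)


def shannon_entropy(s: str) -> float:
    """Bits per symbol: encoded random data approaches 6, hostnames and words stay lower."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


MIN_BLOB_LEN = 16   # shorter values are too ambiguous to call "encoded"
MIN_ENTROPY = 4.0   # bits/symbol; plain words and hostnames fall below this


def classify_value(value: str) -> str:
    """Return 'plaintext', 'standard-base64' or 'custom-base64-like' for one config value."""
    body = value.rstrip("=")
    # Base64 shape: length a multiple of 4, no whitespace, '=' only as trailing padding.
    shaped = (len(value) >= MIN_BLOB_LEN and len(value) % 4 == 0
              and not any(ch.isspace() for ch in value) and "=" not in body)
    if not shaped or shannon_entropy(value) < MIN_ENTROPY:
        return "plaintext"
    if set(body) <= STD_SYMBOLS:
        try:
            base64.b64decode(value, validate=True)
            return "standard-base64"
        except binascii.Error:
            return "plaintext"
    # Right shape and entropy but wrong symbols: likely a home-grown alphabet.
    return "custom-base64-like"


def scan_config(text: str) -> dict:
    """Map each `key = value` line to its classification; sections and comments are skipped."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", "#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        findings[key.strip()] = classify_value(value.strip())
    return findings


# Constructed sample config. The "password" blob stands in for the encrypted
# DBMS credential; it is just 32 constructed bytes run through the toy alphabet.
DB_PASSWORD_BLOB = encode_custom_b64(bytes(range(0x20, 0x40)))
SESSION_BLOB = base64.b64encode(b"app-session-secret-0001").decode("ascii")
SAMPLE_CONFIG = f"""
[db]
server = dbhost.internal
login = dbo_admin
password = {DB_PASSWORD_BLOB}
conn = Server=dbhost.internal;Database=bss;Trusted_Connection=no

[app]
session_secret = {SESSION_BLOB}
timeout = 30
"""

if __name__ == "__main__":
    for key, kind in scan_config(SAMPLE_CONFIG).items():
        flag = "REVIEW" if kind != "plaintext" else "ok"
        print(f"{flag:6} {key:15} {kind}")
    assert decode_custom_b64(DB_PASSWORD_BLOB) == bytes(range(0x20, 0x40))
```

The entropy gate is what keeps hostnames and connection strings out of the findings; the alphabet test is what separates "someone base64-encoded a value" from "someone wrapped a value in a private alphabet", and the second case deserves the closer look, because a private alphabet plus a key shipped with the product is obfuscation, not a secret.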
Malware
(Architecture diagram: ABS; WEB Server + App Server; DBMS; Operator; Operators' environment. Steps shown: Get conf file → Decrypt dbo_admin pass → Wreak havoc)
Attack vector?
Insider; Targeted attack; Malware
Tricky data manipulations
Questions?
Digital Security in Moscow: +7 (495)
Digital Security in Saint Petersburg: +7 (812)