Say goodbuy LockBox. Part II

I thought about this yesterday while I was configuring d2 4.7 with docker 😀

Documentum in a (nuts)HELL

Wow, interesting news came from where I didn’t expect: ECN guys states that EMC have stopped torturing customers and gave up the idea of using RSA Lockbox.

Here’s a little history of the Lockbox story that you might want to read:

November 2013

Reported to EMC using support portal, proof of concept how authenticated user was able to gain superuser privileges:

January 2014

EMC released Document D2 v 4.2 and some patches for previous versions, no CVE announced. The EMC “solution” was to encrypt data passed through c6_method_return objects

February 2014

Discovered a reflection attack on D2GetAdminTicketMethod method:

March 2014

EMC released P01 patch for EMC Documentum D2 v4.2, no CVE announced. The vendor “solution” was not to store exception messages into “error” attribute of c6_method_return object if exception message contains “DM_TICKET” character sequence.

April 2014

Discovered another reflection attack based on verbose logging of D2GetAdminTicketMethod:

View original post 87 more words

3 thoughts on “Say goodbuy LockBox. Part II

  1. “new”? LOL. In firefox/chrome: same behaviour than 4.6: thin client mode, http downloads, http upload when checkin a document, after prompt for local file, with “d2 uploader”. IE (with Java): prompt for applet, download opens a select checkout folder to download the file then it opens it. Uploads with “d2 uploader” are automatic. Kill the iplauncher started as IE process child, no more content transfer.
    I always though that the “Java free client” was the thin mode introduced in 4.6 and that has nothing to do with the “workaround” for loading a local java introduced in latest webtop.

    Like

    • I`m an idiot and don’t read the documentation 😀 CTF is not available unless you explicitly configure it on the D2 settings file :/ I’ll post captures in a new post, but don’t expect nothing fancy, there’s not much interface to see

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s