{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/mpp/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["mpp"],"_cs_severities":["critical"],"_cs_tags":["payment-bypass","griefing","rust"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003empp\u003c/code\u003e crate, a Rust library, contains multiple critical vulnerabilities affecting versions prior to 0.8.0. These vulnerabilities allow for a range of malicious activities, including bypassing payment requirements, manipulating payment fees, and griefing existing sessions. Specifically, attackers can perform free \u003ccode\u003etempo/charge\u003c/code\u003e and \u003ccode\u003etempo/session\u003c/code\u003e requests, replay existing \u003ccode\u003etempo/charge\u003c/code\u003e requests, piggyback off existing \u003ccode\u003etempo/session\u003c/code\u003e channels, grief existing \u003ccode\u003etempo/session\u003c/code\u003e channels, manipulate the fee payer, and replay existing \u003ccode\u003estripe/charge\u003c/code\u003e requests. Given the severity of these issues, organizations utilizing \u003ccode\u003empp\u003c/code\u003e in their payment processing systems are at significant risk. Upgrade to version 0.8.0 is the only remediation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable \u003ccode\u003empp\u003c/code\u003e instance running a version prior to 0.8.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003etempo/charge\u003c/code\u003e request, exploiting the vulnerability to bypass payment verification.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted request to the \u003ccode\u003empp\u003c/code\u003e instance, resulting in a free charge.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker replays a previously valid \u003ccode\u003etempo/charge\u003c/code\u003e request, bypassing payment verification.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits the \u003ccode\u003etempo/session\u003c/code\u003e vulnerability to gain unauthorized access to an existing session.\u003c/li\u003e\n\u003cli\u003eThe attacker piggybacks off the existing \u003ccode\u003etempo/session\u003c/code\u003e channel for malicious purposes.\u003c/li\u003e\n\u003cli\u003eThe attacker can also grief the \u003ccode\u003etempo/session\u003c/code\u003e channel, disrupting legitimate user activity.\u003c/li\u003e\n\u003cli\u003eThe attacker may also manipulate the fee payer information within tempo or stripe charge/session handlers to force another party to pay for their requests.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to significant financial losses due to payment bypass. Attackers can perform unauthorized transactions, manipulate fees, and disrupt legitimate services. The absence of available workarounds prior to patching amplifies the risk. Organizations utilizing the vulnerable versions of \u003ccode\u003empp\u003c/code\u003e are exposed to potential fraud and service disruption. The severity is considered critical due to the direct impact on payment processing integrity and potential for widespread abuse.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade \u003ccode\u003empp\u003c/code\u003e to version 0.8.0 to remediate the vulnerabilities.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring to detect and block replay attacks targeting \u003ccode\u003etempo/charge\u003c/code\u003e or \u003ccode\u003estripe/charge\u003c/code\u003e requests.\u003c/li\u003e\n\u003cli\u003eReview logs for unexpected free \u003ccode\u003etempo/charge\u003c/code\u003e or \u003ccode\u003etempo/session\u003c/code\u003e requests after patching.\u003c/li\u003e\n\u003cli\u003eMonitor payment gateways for unusual activity, such as manipulated fee payers.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-mpp-payment-bypass/","summary":"Multiple vulnerabilities were discovered in mpp versions prior to 0.8.0 that allowed for payment bypass and griefing, including performing free charge and session requests, replaying existing charge requests, piggybacking and griefing existing session channels, manipulating fee payers, and replaying stripe charge requests.","title":"MPP Multiple Payment Bypass and Griefing Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2024-01-mpp-payment-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Mpp","version":"https://jsonfeed.org/version/1.1"}