<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Griefing - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/griefing/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 02 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/griefing/feed.xml" rel="self" type="application/rss+xml"/><item><title>MPP Multiple Payment Bypass and Griefing Vulnerabilities</title><link>https://feed.craftedsignal.io/briefs/2024-01-mpp-payment-bypass/</link><pubDate>Tue, 02 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-mpp-payment-bypass/</guid><description>Multiple vulnerabilities were discovered in mpp versions prior to 0.8.0 that allowed for payment bypass and griefing, including performing free charge and session requests, replaying existing charge requests, piggybacking and griefing existing session channels, manipulating fee payers, and replaying stripe charge requests.</description><content:encoded><![CDATA[<p>The <code>mpp</code> crate, a Rust library, contains multiple critical vulnerabilities affecting versions prior to 0.8.0. These vulnerabilities allow for a range of malicious activities, including bypassing payment requirements, manipulating payment fees, and griefing existing sessions. Specifically, attackers can perform free <code>tempo/charge</code> and <code>tempo/session</code> requests, replay existing <code>tempo/charge</code> requests, piggyback off existing <code>tempo/session</code> channels, grief existing <code>tempo/session</code> channels, manipulate the fee payer, and replay existing <code>stripe/charge</code> requests. Given the severity of these issues, organizations utilizing <code>mpp</code> in their payment processing systems are at significant risk. Upgrade to version 0.8.0 is the only remediation.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a vulnerable <code>mpp</code> instance running a version prior to 0.8.0.</li>
<li>The attacker crafts a <code>tempo/charge</code> request, exploiting the vulnerability to bypass payment verification.</li>
<li>The attacker sends the crafted request to the <code>mpp</code> instance, resulting in a free charge.</li>
<li>Alternatively, the attacker replays a previously valid <code>tempo/charge</code> request, bypassing payment verification.</li>
<li>The attacker exploits the <code>tempo/session</code> vulnerability to gain unauthorized access to an existing session.</li>
<li>The attacker piggybacks off the existing <code>tempo/session</code> channel for malicious purposes.</li>
<li>The attacker can also grief the <code>tempo/session</code> channel, disrupting legitimate user activity.</li>
<li>The attacker may also manipulate the fee payer information within tempo or stripe charge/session handlers to force another party to pay for their requests.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these vulnerabilities can lead to significant financial losses due to payment bypass. Attackers can perform unauthorized transactions, manipulate fees, and disrupt legitimate services. The absence of available workarounds prior to patching amplifies the risk. Organizations utilizing the vulnerable versions of <code>mpp</code> are exposed to potential fraud and service disruption. The severity is considered critical due to the direct impact on payment processing integrity and potential for widespread abuse.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately upgrade <code>mpp</code> to version 0.8.0 to remediate the vulnerabilities.</li>
<li>Implement network monitoring to detect and block replay attacks targeting <code>tempo/charge</code> or <code>stripe/charge</code> requests.</li>
<li>Review logs for unexpected free <code>tempo/charge</code> or <code>tempo/session</code> requests after patching.</li>
<li>Monitor payment gateways for unusual activity, such as manipulated fee payers.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>payment-bypass</category><category>griefing</category><category>rust</category></item></channel></rss>