
Laserfiche software vulnerability prompts porn ad hosting in government sites


Motherboard reports that numerous government and military websites have been found to host porn and sex enhancement drug advertisements during the past year.

The ads stem from a vulnerability in the Laserfiche software used by government agencies, which has enabled the files to be pushed to the sites without authorization, according to security researcher Zach Edwards.

"This vulnerability created phishing lures on .gov and .mil domains that would push visitors into malicious redirects, and potentially target these victims with other exploits," said Edwards, who added that the unwanted ads have been found on 50 different government subdomains.

Edwards found that some of the uploaded ads were connected to Laserfiche, which has already been notified regarding the issue.

"The vulnerability described here in this advisory is being exploited in a way where an unauthenticated third party can use Laserfiche Forms to temporarily host uploaded files for distribution," Laserfiche stated.

Meanwhile, Edwards has called on government and military agencies using Laserfiche to promptly apply patches and carry out the required remediation.
