Hackers could have exploited cross-site scripting vulnerabilities found in popular helpdesk platform Deskpro to hijack the sessions of administrators and take over the accounts of helpdesk agents.
This would give the attackers the same privileges as admins and agents, both in what they could execute and in the information they are exposed to, according to a blog by the Checkmarx researchers who found the flaw while auditing the platform. In certain cases, attackers could have reset the entire helpdesk, wiping all system data.
Given the shift to remote work and the need for helpdesk software that lets remote teams collaborate, Checkmarx audited Deskpro’s security as part of the company’s bug bounty program. Checkmarx researchers said attackers could exploit the issue in two ways: