PT-2021-4481 · Nginx+3
0Xdhinu · Published 2021-10-14 · Updated 2025-07-17 · CVE-2021-3882
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
LedgerSMB version 1.8
Description
LedgerSMB does not set the 'Secure' attribute on session authorization cookies when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. An attacker who can trick a user into using an unencrypted connection can therefore obtain authentication data by capturing network traffic. Although the attacker cannot access the information inside the cookie or the user's password, possessing the cookie is enough to access the application as the user from whom the cookie was obtained. The attack requires that the server is configured to respond to unencrypted requests, that the attacker is positioned to eavesdrop on network traffic, and that the user is tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit the impact of the attack.
Recommendations
For LedgerSMB version 1.8, upgrade to a known-fixed version.
As a temporary workaround, configure the Apache or Nginx reverse proxy to add the Secure attribute at the network boundary, using the 'Header always edit' directive of the mod_headers module for Apache or the 'proxy_cookie_flags' directive for Nginx.
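To confirm that the upgrade or the proxy workaround took effect, the Set-Cookie headers seen at the HTTPS front end can be audited for the Secure attribute. The following is an added example, not code from the advisory or from LedgerSMB; the cookie names and values are constructed placeholders.

```python
"""Audit Set-Cookie headers for the Secure attribute (added example)."""

# Constructed sample: Set-Cookie values as a client might see them at the
# HTTPS front end. Names and values are placeholders, not LedgerSMB's own.
SAMPLE_SET_COOKIE = [
    "EXAMPLE_SESSION=abc123; Path=/; HttpOnly",
    "EXAMPLE_SESSION=abc123; Path=/; HttpOnly; Secure",
    "prefs=secure; Path=/",        # the *value* "secure" is not the attribute
    "theme=dark; path=/; SECURE",  # attribute names are case-insensitive
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    pair, *attrs = header.split(";")
    name = pair.split("=", 1)[0].strip()
    attr_names = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, attr_names


def missing_secure(headers):
    """Return the names of cookies whose Set-Cookie lacks the Secure attribute."""
    return [name for name, attrs in map(parse_set_cookie, headers)
            if "secure" not in attrs]


def add_secure(header):
    """Append Secure when absent: the effect the proxy rewrite should have."""
    _, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return header
    return header.rstrip("; ") + "; Secure"


if __name__ == "__main__":
    print("missing Secure before rewrite:", missing_secure(SAMPLE_SET_COOKIE))
    rewritten = [add_secure(h) for h in SAMPLE_SET_COOKIE]
    print("missing Secure after rewrite: ", missing_secure(rewritten))
```

In practice the input would be the Set-Cookie headers captured from a login response through the reverse proxy; any name the audit still reports is a cookie that would be sent over plain HTTP.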
Weakness
Missing Encryption of Sensitive Data
Affected Products
Apache
Linuxmint
Nginx
Ubuntu