Read Time:1 Minute, 44 Second
A recent study by AppOmni has uncovered a critical vulnerability in over 1,000 enterprise ServiceNow instances, resulting in the exposure of sensitive corporate data. Organizations relying on ServiceNow for knowledge management and collaboration are at risk.
Misconfigured Knowledge Base Access Controls
The vulnerability stems from misconfigured Knowledge Base (KB) access controls. AppOmni’s research revealed that nearly 45% of enterprise ServiceNow instances had incorrectly configured User Criteria, leading to the exposure of sensitive data such as:
- Personal Identifiable Information (PII)
- Internal system details
- Active credentials and tokens
Root Cause: Inadequate Access Control Measures
Unlike traditional Access Control Lists (ACLs), which offer a more robust security mechanism, ServiceNow KBs utilize User Criteria. However, these criteria lack the added layer of security provided by the ‘UserIsAuthenticated’ Security Attribute. As a result, unauthenticated users can gain access to restricted KB articles.
Unauthenticated Access and Data Exposure
Moreover, many administrators are unaware that certain User Criteria, such as ‘Any User’ and ‘Any user for kb’, grant access to unauthenticated users. This oversight has led to unintended data exposure. Additionally, some instances still retain the insecure ‘allow public access by default’ value for KBs, further exacerbating this issue.
Exploitation Method
Unauthenticated malicious actors can exploit this vulnerability using a simple technique involving an HTTP proxy like Burp Suite. By brute-forcing article IDs, they can identify and access exposed articles. This method enables them to obtain unauthorized access to sensitive information.
Recommendations for Mitigation
Organizations must take immediate action to mitigate this vulnerability and protect their sensitive data: - Review and correct KB access controls using the ‘UserIsAuthenticated’ Security Attribute.
- Activate out-of-the-box Business Rules to prevent unauthenticated access by default.
- Run diagnostics on KB access controls regularly using ServiceNow’s built-in tools.
- Be aware of relevant security properties and ensure their proper configuration.
Conclusion
The misconfiguration of ServiceNow KB access controls poses a significant security risk to affected organizations. By addressing these vulnerabilities promptly, businesses can enhance their defenses against data breaches and safeguard their critical assets. Regularly reviewing access controls and implementing robust security measures are essential steps toward maintaining a secure cyber environment.
