Hoverfly RCE Vulnerability (Verified on v1.10.10)


2025-02-15

I was reviewing GitHub Security Lab’s advisories and discovered a critical Remote Code Execution (RCE) vulnerability in Hoverfly, specifically in version 1.10.10. The vulnerability, reported by GHSL, was initially classified as “working as intended” because the admin API is not publicly exposed by default and can be secured using basic HTTP authentication. However, the default Docker run instructions still expose the API, creating a potential pre-auth RCE risk.

Proof of Concept (PoC) and Commands:

To replicate the vulnerability, follow these steps:

1. Run Hoverfly using Docker:

docker run -p 8888:8888 -p 8500:8500 spectolabs/hoverfly:v1.10.10

2. Exploit the exposed API:

curl -X POST http://localhost:8888/api/v2/simulation -d '{"payload":"malicious_code_here"}'

3. Secure the API with Basic Authentication:

docker run -p 8888:8888 -p 8500:8500 -e HOVERFLY_AUTH=username:password spectolabs/hoverfly:v1.10.10

4. Verify the API is secured:

curl -u username:password -X POST http://localhost:8888/api/v2/simulation -d '{"payload":"test"}'
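The two curl commands above give a manual before/after view. The script below, added here as an example and not part of the original post or the Hoverfly project, turns the same check into a repeatable probe a defender can run against a Hoverfly instance after deploying it: it sends an unauthenticated GET to the admin API's /api/v2/simulation endpoint and classifies the HTTP status it gets back. The variable name HOVERFLY_ADMIN_URL and the function names are assumptions of this example; the endpoint path and port are the ones the post uses.

```shell
#!/bin/sh
# Added example, not code from the original post or from Hoverfly.
# Probes whether a Hoverfly admin API answers without credentials.
# HOVERFLY_ADMIN_URL is an assumed variable name (default: http://localhost:8888).

# Map the HTTP status of an unauthenticated GET to a verdict string.
classify_status() {
  case "$1" in
    200)      echo "EXPOSED: admin API answered without credentials" ;;
    401|403)  echo "PROTECTED: admin API requires authentication" ;;
    000|"")   echo "UNREACHABLE: nothing answered (port closed, not published, or filtered)" ;;
    *)        echo "UNEXPECTED: HTTP $1" ;;
  esac
}

# Exit status 0 (true) only when the verdict calls for action.
needs_action() {
  case "$1" in
    EXPOSED*) return 0 ;;
    *)        return 1 ;;
  esac
}

# Send the unauthenticated probe (no -u) and classify the result.
# -m 5 bounds the wait; -w '%{http_code}' prints only the status (000 on connect failure).
probe_admin_api() {
  base="${1:-${HOVERFLY_ADMIN_URL:-http://localhost:8888}}"
  code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$base/api/v2/simulation" 2>/dev/null)
  classify_status "$code"
}

# Usage: sh probe.sh --probe [http://host:8888]
# Exits 2 when the admin API is reachable without credentials.
if [ "${1:-}" = "--probe" ]; then
  verdict=$(probe_admin_api "${2:-}")
  echo "$verdict"
  if needs_action "$verdict"; then exit 2; fi
  exit 0
fi
```

Run it once against the container started in step 1 (expect EXPOSED, exit 2) and again against the one started in step 3 (expect PROTECTED, exit 0). A non-zero exit makes the probe usable as a gate in a deployment pipeline. Independently of basic authentication, publishing the admin port only on the loopback interface (Docker's `-p 127.0.0.1:8888:8888` form instead of `-p 8888:8888`) keeps the API off every other interface, so a probe from another host then reports UNREACHABLE rather than EXPOSED.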

What Undercode Says:

The Hoverfly RCE vulnerability highlights the importance of securing APIs, especially in containerized environments. While the admin API is not publicly exposed by default, the port mapping in the documented Docker run command can inadvertently expose it, leading to potential exploitation. Here are some additional Linux and Windows commands to enhance your security posture:

  • Linux Commands:
    – Check open ports: `netstat -tuln`
    – Monitor network traffic: `tcpdump -i eth0`
    – Secure SSH: `sudo nano /etc/ssh/sshd_config` (set `PermitRootLogin no` and `PasswordAuthentication no`)

  • Windows Commands:
    – Check open ports: `netstat -an`
    – Enable Windows Firewall: `netsh advfirewall set allprofiles state on`
    – Disable unnecessary services: `sc config [service_name] start= disabled`

For further reading on securing APIs and Docker configurations, refer to these resources:

  • Docker Security Best Practices
  • OWASP API Security Top 10
  • GitHub Security Lab Advisories

Always ensure that your systems are up-to-date and follow the principle of least privilege to minimize attack surfaces. Regularly audit your configurations and use tools like `lynis` for Linux and `Windows Defender` for Windows to maintain a robust security posture.
