Comments on NGINX vulnerabilities in LDAP reference implementation (April 2022).

On April 9, 2022, a 0-day exploit targeting vulnerabilities in the NGINX LDAP reference implementation became known. The question immediately came up whether you have to react now if you use NGINX in your environment. A blog reader sent me a note the other day about what to watch out for in this regard. Here is a quick overview of this issue.



nginx is web server software, a reverse proxy and an email proxy developed by Igor Sysoev and released under the BSD license. Nginx is currently used on about 44% of the 10,000 highest-traffic websites. Malwarebytes published this post on April 13, 2022 about a 0-day vulnerability that was disclosed on April 9, 2022. The hacker group BlueHornet had tweeted about an experimental exploit for NGINX 1.18 and promised to warn affected companies. On April 10, 2022, BlueHornet claimed to have penetrated the Chinese branch of UBS Securities via the NGINX vulnerability. I didn't follow the whole thing in detail – but the tweet below, which addresses a 0-day exploit on the topic, came to my attention.

[Tweet: nginx 1.21.6]

And a blog reader alerted me via Mastodon and linked to this blog post on the nginx blog dated April 11, 2022. The April 9, 2022 vulnerabilities relate to NGINX's LDAP reference implementation. During analysis, the team determined that only this reference implementation is affected. NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is required if the reference implementation is not used.

The NGINX LDAP reference implementation uses the Lightweight Directory Access Protocol (LDAP) to authenticate users of applications brokered by NGINX. It is published as a Python daemon and associated NGINX configuration on GitHub. The blog post details the purpose and configuration of the reference implementation with respect to the vulnerability. So if necessary, read the blog post to find out whether you are affected.
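To illustrate the pattern described above (a Python helper that receives a user name from an NGINX authentication subrequest and looks that user up in LDAP), here is an added example. It is not code from the nginx-ldap-auth reference implementation or from the nginx blog post; the header name `X-Username`, the filter template and the length limit are assumptions chosen for illustration. The security-relevant point it shows is that any value the proxy forwards must be escaped per RFC 4515 before it is placed inside an LDAP search filter, because `*`, `(`, `)`, `\` and NUL are filter metacharacters.

```python
# Added example, not the reference implementation's own code.
# Models the filter-building step of an LDAP auth helper that sits behind
# NGINX: the proxy forwards the user name in a header (X-Username is an
# assumed name), the helper validates it and builds the LDAP search filter.

# RFC 4515 escape sequences for characters that have meaning in a filter.
RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Assumed limit; real deployments should take it from configuration.
MAX_USERNAME_LEN = 256


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it can be embedded as a value in an LDAP search filter.

    Each metacharacter is replaced by its RFC 4515 backslash-hex form; all other
    characters are passed through unchanged.
    """
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, template: str = "(uid=%(username)s)") -> str:
    """Fill the filter template with the escaped user name.

    The template is trusted configuration; only the user-supplied value is escaped.
    """
    return template % {"username": escape_ldap_filter_value(username)}


def auth_subrequest(headers: dict) -> tuple:
    """Handle one authentication subrequest from NGINX (simulated).

    Returns (http_status, detail): on success the detail is the LDAP filter the
    helper would send to the directory; on failure it is the reason.
    """
    username = headers.get("X-Username", "")
    if not username:
        return (401, "missing user name")
    if len(username) > MAX_USERNAME_LEN:
        return (400, "user name too long")
    return (200, build_user_filter(username))


if __name__ == "__main__":
    # Constructed sample subrequests, not captured traffic.
    for hdrs in ({"X-Username": "alice"},
                 {"X-Username": "Ann (Sales)"},
                 {}):
        print(hdrs, "->", auth_subrequest(hdrs))
```

The escaping is a lookup per character, so the order of the table entries does not matter; a backslash in the input becomes `\5c` and is never re-processed. A directory lookup with a filter built this way searches for the literal name NGINX forwarded, nothing more.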

