Breach and Clear

Securing Our Client's Front Doors

  • Service Provided:
    Web Application Penetration Testing
  • Client Industry:
    Healthcare & Insurance
  • Company Size:
    50k+ Employees

Engagement Overview:

This engagement was with a prominent healthcare insurance provider, a key player in the industry with a significant online presence. The provider's online healthcare platform is a critical component of their service delivery, serving millions of customers and processing a vast amount of sensitive data daily. The scope of the engagement was a comprehensive web application penetration test, focusing on identifying vulnerabilities in the client's online platform and assessing the security of their digital assets.

Our Approach:

Our team began this engagement with standard manual penetration testing techniques. This uncovered a range of vulnerabilities, including cross-site scripting in the client's primary Identity Management application. The most interesting finding, however, was in the application's login flow. The login page asked for the username first and only presented the password field if that username existed; an unknown username simply returned the user to the username field. This difference in behaviour is a username oracle, and it allowed our team to enumerate valid usernames within the client's organization.
On finding the user enumeration issue, the tester who discovered it suspected a larger problem, so the team pooled its skills and worked the flow together. The next step was the password form: submitting it with the password field left empty redirected the user straight to the Multi-Factor Authentication (MFA) token screen, skipping the password check entirely. The team then turned to how the application handled MFA. The breakthrough came when one of our testers noticed that the connecting client's public IP address was sent back to the server in a request issued just before the MFA prompt, meaning the client, not the server, supplied the address used for the decision. Replacing that value with a loopback address such as 127.1.1.1, which the application apparently treated as an internal, trusted network, caused the MFA prompt to be skipped altogether, and the tester was granted access to every application the enumerated user was entitled to.
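The chain above, modelled in code as an added illustration (this is not code from the original page, the client, or the vendor): a username-first login that reveals valid accounts, an MFA screen reachable with an empty password, and an MFA exemption driven by a client-supplied IP address, placed beside a hardened flow that closes each gap. Every username, password, address, MFA code and the `TRUSTED_NETS` list is constructed for the example.

```python
"""Constructed model of the login chain: username oracle, empty-password
skip, and an MFA exemption decided by a client-supplied IP address.
The vulnerable flow and a hardened flow are implemented side by side.
All accounts, secrets and addresses are made up for this example."""
import hashlib
import hmac
import ipaddress

SALT = b"example-salt"  # constructed; a real store uses a per-user random salt


def hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


# Constructed account store: username -> (password hash, current MFA code).
USERS = {
    "jdoe": (hash_pw("correct horse battery staple"), "482910"),
    "asmith": (hash_pw("hunter2"), "113355"),
}

# Networks the vulnerable flow exempts from MFA ("on-premises" users).
# 127.0.0.0/8 is loopback, so any 127.x.x.x value matches.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("127.0.0.0/8")]


def password_ok(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        hash_pw(password)  # spend the same time for unknown users
        return False
    return hmac.compare_digest(record[0], hash_pw(password))


def in_trusted_net(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


class VulnerableAuth:
    """Each call returns the next screen the browser should render."""

    def submit_username(self, username: str) -> str:
        # Known users get the password screen, unknown ones are bounced
        # back to the username field: a username oracle.
        return "password" if username in USERS else "username"

    def submit_password(self, username: str, password: str) -> str:
        # An empty submission is treated as "skip", not as a failed login.
        if password == "":
            return "mfa"
        return "mfa" if password_ok(username, password) else "password"

    def submit_mfa_context(self, username: str, body: dict) -> str:
        # The address used for the exemption is read from the request body,
        # so the client decides whether it counts as "internal".
        if in_trusted_net(body.get("client_ip", "0.0.0.0")):
            return "app"
        return "mfa"


class HardenedAuth:
    """Single login call; the server never tells the two failures apart."""

    def __init__(self) -> None:
        self.audit = []  # (username, peer_ip) as seen on the socket

    def login(self, username: str, password: str, mfa_code: str,
              peer_ip: str) -> str:
        # peer_ip is what the server observed on the connection, not a
        # field the client sent; it is recorded but never used to skip MFA.
        self.audit.append((username, peer_ip))
        if not password_ok(username, password):
            return "login"  # same answer for unknown user and wrong password
        expected = USERS[username][1]
        if not hmac.compare_digest(expected, mfa_code):
            return "login"
        return "app"


def enumerate_users(auth: VulnerableAuth, candidates: list) -> list:
    """Replays the oracle: a 'password' screen means the name exists."""
    return [u for u in candidates if auth.submit_username(u) == "password"]


def bypass_chain(auth: VulnerableAuth, username: str, spoofed_ip: str) -> str:
    """Runs the three steps with no password and a spoofed 'client_ip'."""
    if auth.submit_username(username) != "password":
        return "username"
    if auth.submit_password(username, "") != "mfa":
        return "password"
    return auth.submit_mfa_context(username, {"client_ip": spoofed_ip})


if __name__ == "__main__":
    v = VulnerableAuth()
    print(enumerate_users(v, ["root", "jdoe", "bgates", "asmith"]))
    print(bypass_chain(v, "jdoe", "127.1.1.1"))
    print(HardenedAuth().login("jdoe", "", "000000", "127.1.1.1"))
```

The hardened class fixes all three links at once: one endpoint that checks username and password together and returns the same screen for either failure, no path to the MFA step without a verified password, and no MFA exemption at all. If an internal-network exemption has to be kept for business reasons, the address it keys on must come from the transport layer the server controls, never from a value the browser sends back.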
Chained together, these vulnerabilities presented a critical risk to the client: an attacker who knew or could enumerate a valid username could reach the user's applications and data without a password and without an MFA token. Each flaw looked minor in isolation, and it was only in sequence that their full impact became clear, which is why thorough, manual penetration testing matters. The collaborative nature of our team was central to this result, as we combined each other's skills and expertise to uncover and exploit the chain.

Engagement Outcome:

Following the discovery of the vulnerabilities, we worked directly with the software vendor through the client to report these security flaws. We walked them through the exploitation chain, helping them understand each vulnerability in detail. This collaborative approach was instrumental in ensuring a clear understanding of the issues at hand and the potential risks they posed.
Once the vulnerabilities had been addressed by the vendor, we conducted a retest to confirm the effectiveness of the remediations. This retest was successful, confirming that the vulnerabilities had been properly patched and the security risks mitigated.
This engagement underscored the importance of collaboration in addressing security vulnerabilities. By working closely with the client and the software vendor, we were able to ensure a thorough understanding of the vulnerabilities, facilitate their remediation, and confirm their successful resolution. This process not only addressed the immediate security risks but also contributed to improving the overall security posture of the client's digital assets.