Log4j Vulnerability: A Potentially Disastrous flaw

NVD Published Date: 12/10/2021
NVD Last Modified: 12/15/2021
Base Score: 10.0 Critical

Log4j? Still wondering what it is? Two years into the pandemic, the challenges around remote working are still taking their toll, and yet another security nightmare is in full swing. This time attackers found an easy way to exploit platforms while still generating maximum impact, by targeting a component used in applications run by organizations including Amazon, Apple iCloud, Cisco, Cloudflare, Steam, Tesla, Twitter, Minecraft, and many more. On Minecraft servers, attackers have been able to gain RCE by simply pasting a specially crafted message into the chat box.

What is Log4j Flaw?

In short, a flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now, and it comes with a severity score of 10, the highest level possible.

Log4j is different, and dangerous, because it is not limited to one or two pieces of software: it is embedded in almost every Java-based product or web service, and since Java is the most used language the exposed landscape is very wide, making it difficult to protect and remediate easily. Because of this widespread use, the internet has been put on high alert as hackers increase their efforts to target weak systems.


Log4j in Full Swing

Once again major ripples have been sent through the industry this week, taking away cybersecurity experts' sleep. Log4Shell is the latest zero-day vulnerability challenging cybersecurity experts, and with people these days even less cautious, organizations are more susceptible.

Log4Shell was flagged last Thursday when hackers used it against Minecraft servers. Experts precisely identified the source of the vulnerability as Log4j.

Hackers have been taking advantage of the bug since the start of the month, as indicated by experts from Cisco and Cloudflare, though the attacks increased drastically following Apache's disclosure on Thursday. To date, attackers have exploited the flaw to install crypto miners on vulnerable systems, steal system credentials, burrow deeper within compromised networks, and steal data.

What can attackers do?

Attackers can trick Log4j into running malicious code by forcing it to store a log entry that includes a specific string of text. How attackers get that string logged varies from one program to another; in Minecraft, it has been reported that this was done through the chat box. A log entry is created to record each of these messages, so if the dangerous string is sent from one user to another it will be written into a log.

Similarly, Apple servers were found to create a log entry recording the name given to an iPhone by its owner in Settings.

The flaw is particularly critical because:

  • If the system is vulnerable, the attacker can get full access to it.
  • The vulnerability requires a low degree of expertise to exploit.
  • The exploit can be sent over HTTPS, where we are unable to inspect the encrypted traffic or block the port.
  • At this point there is no reliable way to detect it by means of vulnerability scanners, and since the landscape is wide it is difficult to mitigate after the attack.

Meanwhile, it is also worth noting that this bug doesn't affect all versions of Log4j; it only affects versions 2.0 through 2.14.1.

What should you do?

Below is how you can mitigate this vulnerability:

  1. In releases >=2.10, set the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.
  2. In releases 2.0-beta9 to 2.10.0, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.
  3. Upgrade the log4j library to version 2.15.0.
  4. Update to version 2.16.0 or later.
  5. More products may release patches over the next few days and weeks, and so organizations should make sure they’re checking for updates regularly.
  6. Set Web Application Firewall rules and check the list of vulnerable software.
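As an added example (not code from the original post or from the Log4j project), the following Python checker applies the version range and the JndiLookup.class workaround from the steps above to log4j-core jars found on disk. It assumes the jar carries Maven's pom.properties under META-INF, and the sample jar builder at the end is a constructed stand-in, not a real log4j artifact.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
PRE_RANK = {"beta": 0, "rc": 1}  # pre-releases sort before the final release

def parse_version(ver):
    """'2.14.1' -> (2,14,1,2,0); '2.0-beta9' -> (2,0,0,0,9); comparable as tuples."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?", ver)
    if not m:
        raise ValueError(f"unrecognised log4j version: {ver}")
    major, minor, patch, pre, pre_n = m.groups()
    tail = (PRE_RANK[pre], int(pre_n)) if pre else (2, 0)
    return (int(major), int(minor), int(patch or 0)) + tail

def inspect_jar(jar_bytes):
    """Return (log4j-core version or None, whether JndiLookup.class is present)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            m = re.search(r"^version=(.+)$", zf.read(POM_PROPS).decode(), re.M)
            version = m.group(1).strip() if m else None
    return version, JNDI_CLASS in names

def assess(jar_bytes):
    version, has_jndi = inspect_jar(jar_bytes)
    if version is None:
        return "unknown"          # not log4j-core, or no Maven metadata to read
    v = parse_version(version)
    if v >= parse_version("2.16.0"):
        return "fixed"            # step 4: 2.16.0 or later
    if v < parse_version("2.0-beta9"):
        return "not-affected"     # outside the 2.0-beta9 .. 2.14.1 range named above
    if not has_jndi:
        return "mitigated"        # step 2: JndiLookup.class stripped from the jar
    if v >= parse_version("2.15.0"):
        return "upgrade"          # step 3 done, step 4 still outstanding
    return "vulnerable"

def make_sample_jar(version, include_jndi=True):
    """Constructed stand-in for a log4j-core jar: metadata plus a marker class only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only; constructed
    return buf.getvalue()
```

Run assess() over every log4j-core*.jar an application ships (including jars nested inside WAR/EAR files) and treat "vulnerable" and "upgrade" as work items; note that step 1's property only helps on 2.10 and later, so this check reports it separately from the jar state.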

If you liked this blog, check out our latest infographic on Supply Chain Attacks: https://www.tikaj.com/blog/supply-chain-attacks/
