Critical Security Flaw: Unauthenticated Password Disclosure in TG8 Firewall (CVE-2021-4471)

Overview

CVE-2021-4471 details a significant security vulnerability in the TG8 Firewall. The flaw allows a remote, unauthenticated attacker to retrieve the contents of a sensitive directory, such as /data/, over HTTP. This directory contains credential files for previously logged-in users, potentially exposing usernames and passwords.

Technical Details

The vulnerability stems from the TG8 Firewall’s failure to implement proper access controls on certain directories. Specifically, the /data/ directory, which stores user credential files, is accessible over HTTP without any form of authentication. An attacker can enumerate and download files within this directory and, by analyzing them, obtain valid account usernames and passwords. The root cause is the absence of an authentication check before access to sensitive system files is granted.

CVSS Analysis

As of the publication date, the National Vulnerability Database (NVD) and other sources have not provided a CVSS score for CVE-2021-4471. However, given the nature of the vulnerability – unauthenticated remote access to user credentials – it is likely to be classified as a Critical severity issue. The ability to obtain usernames and passwords directly, without authentication, represents a significant security risk.

Possible Impact

The impact of CVE-2021-4471 is severe. A successful exploit can lead to:

  • Loss of Confidentiality: Exposure of sensitive user credentials, including usernames and passwords.
  • Unauthorized Access: Attackers can use the stolen credentials to gain unauthorized access to the firewall’s management interface, internal network resources, and potentially other systems connected to the firewall.
  • Compromised Systems: Attackers can leverage their access to compromise systems behind the firewall.

Mitigation or Patch Steps

Unfortunately, official patches from TG8 Security may not be available, given the company’s reported lack of active development and eventual shutdown. However, the following steps can be taken to mitigate the risks:

  • Restrict Access: If possible, restrict network access to the TG8 Firewall’s management interface.
  • Disable HTTP Access: If possible, disable HTTP access entirely.
  • Firewall Rules: Implement strict firewall rules to block unauthorized access to the /data/ directory.
  • Network Segmentation: Segment the network to limit the impact of a potential breach.
  • Upgrade or Replace: The most effective long-term solution is to upgrade to a more secure firewall solution from a reputable vendor. Given the lack of support for TG8 firewalls, this is strongly recommended.
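Whichever of the steps above are applied, the web server or reverse-proxy access log is the place to confirm that /data/ is no longer served to unauthenticated clients and to spot any earlier exposure. The following script is an added example written for this article, not code from TG8 Security or from the advisory; it parses constructed log lines in the common "combined" format, flags every successful (HTTP 200) request under /data/, and separates hits from an assumed trusted management network (10.0.0.0/8, a placeholder) from hits originating elsewhere. Denied requests (401/403) are deliberately not flagged, since those show the access control working.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines (nginx/Apache "combined" format).
# Addresses are documentation ranges; nothing here comes from a real device.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Nov/2025:10:01:02 +0000] "GET /data/ HTTP/1.1" 200 1843 "-" "curl/8.4.0"
203.0.113.7 - - [14/Nov/2025:10:01:05 +0000] "GET /data/admin.cred HTTP/1.1" 200 412 "-" "curl/8.4.0"
10.0.0.5 - - [14/Nov/2025:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Nov/2025:10:03:00 +0000] "GET /data/ HTTP/1.1" 403 153 "-" "python-requests/2.31"
10.0.0.5 - - [14/Nov/2025:10:04:11 +0000] "GET /data/ HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that the detection needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Directory named in the advisory; extend if other sensitive paths are known.
SENSITIVE_PREFIXES = ("/data/",)

# Assumed management network (placeholder): hits from here are still reported,
# but counted separately from hits that came from outside it.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    """True when the client address falls inside one of the trusted networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_exposures(log_text):
    """Return (ip, path, status) for every successful request under a sensitive prefix.

    Only status 200 is flagged: a 401/403 on /data/ means the control held.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not rec["path"].startswith(SENSITIVE_PREFIXES):
            continue
        if rec["status"] != 200:
            continue
        hits.append((rec["ip"], rec["path"], rec["status"]))
    return hits


def summarize(log_text):
    """Count flagged hits overall, hits from outside the trusted networks, and their sources."""
    hits = find_exposures(log_text)
    external = [h for h in hits if not is_trusted(h[0])]
    return {
        "total": len(hits),
        "external": len(external),
        "sources": dict(Counter(h[0] for h in external)),
    }


if __name__ == "__main__":
    for ip, path, status in find_exposures(SAMPLE_LOG):
        tag = "internal" if is_trusted(ip) else "EXTERNAL"
        print(f"{tag:8} {ip:15} {status} {path}")
    print(summarize(SAMPLE_LOG))
```

Run against a real log (for example `python3 check_data_dir.py < access.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`), any remaining 200 responses under /data/ after the mitigations are in place indicate the restriction is not effective, and any external hits before that point indicate the credential files should be treated as compromised and the affected passwords rotated.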

Published: 2025-11-14T23:15:43.270

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
