RailTel, a public sector enterprise under the Ministry of Railways best known for providing Internet access at train stations, has fixed a number of critical vulnerabilities affecting its website. According to a security researcher, one of the problems could have allowed attackers to reset the passwords of email account holders. The RailTel site was also found running an outdated version of the Joomla content management system that is affected by several known vulnerabilities, including ones that could be exploited to obtain root access or to operate the site as an administrator.
Security researcher Sunny Nehra discovered the vulnerabilities affecting the RailTel site in early May. He informed Gadgets 360 that one of the issues could have allowed hackers to gain access to RailTel employees’ email accounts by resetting their passwords.
The researcher says an attacker could take over an email account because the organisation did not enforce a rate limit on the one-time password (OTP) mechanism used on its email password reset page. Such a limit is meant to stop an attacker from trying different password combinations until they eventually hit the correct one.
Besides the missing rate limit, the email system could also be compromised through response manipulation, a technique attackers can use to bypass authentication.
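The following is an added example, not code from the article or from RailTel, showing how a reset endpoint closes both gaps the researcher describes: a per-OTP attempt cap, and a grant decision that lives only in server-side state, so editing the response the browser receives cannot conjure a reset token. All names, limits and the constructed usage are hypothetical.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6        # assumed OTP length
MAX_ATTEMPTS = 5      # assumed cap: wrong guesses allowed per issued OTP
OTP_TTL_SECONDS = 300 # assumed validity window for one OTP


class PasswordResetService:
    """Hypothetical reset flow: OTP check, attempt cap and token issue all server-side."""

    def __init__(self):
        self._pending = {}       # account -> {"otp", "expires", "attempts"}
        self._reset_tokens = {}  # account -> single-use reset token
        self._passwords = {}     # account -> new password (stand-in for a real store)

    def request_reset(self, account, now=None):
        now = time.time() if now is None else now
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[account] = {"otp": otp, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
        return otp  # delivered over the user's recovery channel, never echoed to the browser

    def verify_otp(self, account, candidate, now=None):
        now = time.time() if now is None else now
        state = self._pending.get(account)
        if state is None or now > state["expires"]:
            return {"ok": False, "reason": "no_pending_or_expired"}
        state["attempts"] += 1
        if state["attempts"] > MAX_ATTEMPTS:
            del self._pending[account]  # burn the OTP; a brute force cannot continue against it
            return {"ok": False, "reason": "locked"}
        if not hmac.compare_digest(state["otp"], str(candidate)):
            return {"ok": False, "reason": "wrong_otp"}
        del self._pending[account]
        token = secrets.token_urlsafe(32)  # only ever minted here, after a server-side match
        self._reset_tokens[account] = token
        return {"ok": True, "token": token}

    def reset_password(self, account, token, new_password):
        # A client that rewrites a "wrong_otp" response to "ok" still holds no valid token.
        expected = self._reset_tokens.get(account)
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        del self._reset_tokens[account]  # single use
        self._passwords[account] = new_password
        return True
```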
“RailTel’s mailing system was made in a very insecure way,” Nehra told Gadgets 360. “It’s closed the password reset page for now.”
The RailTel site was also running Joomla 3.4.2, a release from 2015 that is already known to be affected by several vulnerabilities.
Nehra said the site was affected by a vulnerability tracked as CVE-2015-8562, which was exploited by multiple attackers in December 2015.
“This vulnerability leads to root access or a complete hack of the vulnerable server,” he said, adding that other critical vulnerabilities in the outdated Joomla version also affect the site.
To explain the flaws, Nehra shared three proof-of-concept (PoC) videos with Gadgets 360.
Immediately after discovering the issues, the researcher reported the vulnerabilities to RailTel and notified India’s Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Center (NCIIPC) on May 6. CERT-In and NCIIPC last week confirmed to the researcher that the issues have been patched by the enterprise.
RailTel also separately confirmed the fixes to Gadgets 360.
“RailTel’s website runs behind a Web application firewall and is loaded with host-based anti-virus software, and thus network attackers cannot exploit the vulnerability, if any, and cannot upload a shell to our website,” the organisation said in a statement emailed to Gadgets 360. “We would like to emphasize that there is NO PROBLEM of any data breach reported.”
It also confirmed that its site is now running on the latest stable Joomla release.
“In addition, we are not currently facing any issues related to email account compromise (domain railtelindia.com),” it said.
RailTel runs a service called RailWire that provides free Wi-Fi access at train stations across the country. It partnered with Google in 2016 to launch a public Wi-Fi initiative called Google Station; that partnership ended in May 2020, but RailTel continues to deliver free Wi-Fi service at hundreds of railway stations.
In 2017, the anti-virus company eScan named the RailWire service among the service providers hardest hit by the WannaCry ransomware.
In addition to providing Internet access, RailTel has in the past introduced technologies including an artificial intelligence (AI) based timekeeping system for government schools in Assam.