Late last evening (4th of April), ethical hacker Geeknik alerted us that he had found a vulnerability on the Heimdal Security website. Specifically, he discovered that our website's 404 handler was vulnerable to Cross-Site Scripting (XSS).
Note: The vulnerability was only located in our website, not our range of security products.
This means that a malicious hacker experienced with script injection techniques could, in theory, have tricked the browsers displaying our website into running a foreign, malicious script. Some browsers, such as Mozilla, are not able to correctly identify that such a script should not be trusted, and so they treat it as if it genuinely came from the website the user is trying to access.
In the wrong hands, this information can be used for unfriendly ends, replacing the legitimate scripts on the target website with a hacker’s own. The malicious script can then access any cookies, session tokens, or other sensitive information retained by the browser in connection with that website. These scripts can even rewrite the content of the HTML page, making the website display something else to the user than its owners intended.
Luckily, it did not come to that in this case. With Geeknik's help, we discovered the flaw before any malicious third party was able to exploit it to tamper with the website's content or affect our readers in any way.
We are grateful to Geeknik Labs for pointing out the XSS vulnerability to us, and we proceeded to fix it right away. Following Cross-Site Scripting prevention best practices, our security developers fixed the flaw and made sure the Heimdal Security website was secure once again.
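To illustrate both the class of flaw described above (a 404 handler that reflects part of the requested URL into the page) and the kind of fix mentioned here (output encoding in the HTML context), the following is an added example. It is not Heimdal's code and does not reproduce the actual flaw on the site; the handler shape, the `escapeHtml` helper, the `securityHeaders` helper and the constructed sample path are all assumptions made for the illustration.

```javascript
// Added example (not Heimdal's code): a minimal 404 handler shown in a
// vulnerable form and a hardened form. Everything here is illustrative.

// Map of the characters that change meaning in an HTML text or attribute
// context, and their entity encodings.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text before it is placed into HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable shape: the requested path is copied into the page verbatim,
// so any markup in the URL becomes markup in the response.
function render404Vulnerable(requestPath) {
  return `<h1>404</h1><p>The page ${requestPath} was not found.</p>`;
}

// Hardened shape: the same page, but the path is HTML-encoded first, so
// the browser renders it as text rather than interpreting it as markup.
function render404Hardened(requestPath) {
  return `<h1>404</h1><p>The page ${escapeHtml(requestPath)} was not found.</p>`;
}

// Defence in depth (assumed configuration, not Heimdal's): response headers
// that limit what an injected script could do even if encoding were missed.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
    // Only scripts served from this origin may run; inline scripts are blocked.
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  };
}

// Constructed sample input: a request path that carries markup, as it would
// look after URL decoding. Harmless <b> tags stand in for any injected markup.
const sampleProbe = decodeURIComponent('/missing/%3Cb%3Ebold%3C%2Fb%3E');

// Simple detector used to compare the two handlers: does the rendered page
// contain the raw tag from the input?
function containsRawTag(html) {
  return /<b>/.test(html);
}

// Usage: compare what each handler does with the same probe.
console.log('vulnerable reflects tag:', containsRawTag(render404Vulnerable(sampleProbe)));
console.log('hardened reflects tag:  ', containsRawTag(render404Hardened(sampleProbe)));
```

The key design point is that the fix lives at the output boundary: the handler does not try to recognise "bad" input, it encodes every character that could change the meaning of the HTML it emits. The Content-Security-Policy header is a separate, complementary control; it does not replace encoding, but it reduces the impact if an encoding gap is ever missed elsewhere on the site.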
The author of the discovery received a small reward from us, and the incident is now documented in the OpenBugBounty Library.