WatchGuard Support Alert
Dear Valued Partner,
The following was sent to affected TDR users:
On 11 March 2020, a pen testing company, RedTeam PenTesting GmbH, disclosed a credential disclosure vulnerability in the AD Helper to exploit-db.com (link below). The disclosure states that by accessing the AD Helper web interface, a call to an API endpoint is made that responds with plaintext credentials to all configured domain controllers.
On 9 March 2020, WatchGuard released a fix for this vulnerability in AD Helper 18.104.22.16817. In this version, the offending REST endpoint no longer returns plaintext passwords. In addition, the service running the configuration UI is only available locally through the loopback IP address (Localhost/127.0.0.1). This means that users must log in to the computer locally to access the AD Helper Configuration UI.
Please make sure your AD Helper is up to date and runs version 22.214.171.12417 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper. If your AD Helper cannot communicate with TDR or cannot auto-update, follow the steps found here.
Additionally, if you cannot update the AD Helper immediately, you can use firewall rules to minimize the exposure of the AD Helper to external networks, which would limit the scope of the vulnerability. While it is still a serious vulnerability, and you will want to patch quickly, most internet-based attackers should not be able to reach this web interface unless you allowed it via your firewall.
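To confirm on the AD Helper host that the configuration UI now listens only on the loopback address, as the fixed version is described above, the following added PowerShell audit (not WatchGuard's own code) lists every TCP listener owned by a named process and flags any that are bound to a non-loopback address. The process name is a placeholder assumption; substitute the actual AD Helper service process name.

```powershell
# Added example, not part of the WatchGuard alert or product.
# Lists TCP listeners owned by the named process and marks any that are
# reachable from other hosts (bound to 0.0.0.0, ::, or a specific interface IP).
param(
    # Placeholder: replace with the real AD Helper service process name.
    [string]$ProcessName = 'ADHelperPlaceholder'
)

$loopback = @('127.0.0.1', '::1')

$procIds = (Get-Process -Name $ProcessName -ErrorAction SilentlyContinue).Id
if (-not $procIds) {
    Write-Warning "No running process named '$ProcessName' found."
    return
}

# Only listening sockets owned by the target process are of interest.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $procIds -contains $_.OwningProcess }

foreach ($l in $listeners) {
    # Anything not on 127.0.0.1 or ::1 is reachable beyond the local machine.
    $exposed = $loopback -notcontains $l.LocalAddress
    [PSCustomObject]@{
        Process      = $ProcessName
        LocalAddress = $l.LocalAddress
        LocalPort    = $l.LocalPort
        Exposed      = $exposed
    }
}
```

A row with Exposed set to True means the UI is still bound to a routable address; that is where the firewall rules above apply until the update is installed.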
WatchGuard greatly appreciates members of the security community who find and responsibly disclose vulnerabilities in our product so that we can correct them and make our products as secure as possible. We thank RedTeam PenTesting GmbH for responsibly bringing this to our attention.