CVE-2023-45727: Proself Zero-Day Security Vulnerability
On October 4, 2023, Proself, a Japanese company that offers online storage and file-sharing solutions, identified a zero-day vulnerability in its Proself product. The vulnerability is classified as an XML External Entity (XXE) vulnerability, and it has the identifier CVE-2023-45727.
XXE is a type of injection attack in which an attacker supplies malicious XML to a web application. When the application processes that XML, the attacker can gain control over the system.
In the case of the CVE-2023-45727 vulnerability, attackers can exploit it to transmit Proself account data externally, potentially enabling unauthorized access to Proself.
Proself has confirmed that this vulnerability is being exploited in the wild. The company has urged all of its customers to take immediate action to protect their accounts.
How to Check if You’ve Been Affected
To check if you’ve been affected by the CVE-2023-45727 vulnerability, you can follow these steps:
For Linux OS users:
- Launch the console and navigate to the logs folder under Proself’s installation folder:
cd /usr/local/Proself5/logs
- Execute the following command:
grep "jp.co.northgrid.proself.updater.afterreboot.logic.AfterRebootCheckLogic - .*Proself Ver" proself_updater.log*
For Windows OS users:
- Open Command Prompt and navigate to the logs folder under Proself’s installation folder:
cd "C:\Program Files\Proself5\logs"
- Execute the following command:
findstr /R /C:"jp.co.northgrid.proself.updater.afterreboot.logic.AfterRebootCheckLogic - .*Proself Ver" proself_updater.log*
If executing the above commands produces output resembling the following, it indicates a potential breach:
proself_updater.log:ERROR 2023-10-05 00-00-00: 864643784 [https-jsse-nio-443-exec-14] jp.co.northgrid.proself.updater.afterreboot.logic.AfterRebootCheckLogic
In that case, promptly contact the company at info@proself.jp or via its contact form. Should you notice any other suspicious logs, reach out immediately.
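The Linux check above can be scripted so that every rotated log is scanned and each hit is reduced to file, timestamp and thread for an incident timeline. This is an added example, not Proself's own tooling: the pattern and default path come from the commands above, while the function names, the output layout and the sample log text are assumptions.

```shell
#!/bin/sh
# Added example, not Proself tooling. PATTERN and the default path come from
# the vendor commands on this page; function names and output are assumptions.
PATTERN='jp.co.northgrid.proself.updater.afterreboot.logic.AfterRebootCheckLogic - .*Proself Ver'

# scan_proself_logs [DIR]
# Prints "file|timestamp|thread" for each matching line in proself_updater.log*.
# Returns 0 = indicator found, 1 = no match, 2 = nothing to scan or grep failed.
scan_proself_logs() {
    dir=${1:-/usr/local/Proself5/logs}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    set -- "$dir"/proself_updater.log*
    [ -e "$1" ] || { echo "no proself_updater.log* in $dir" >&2; return 2; }
    # /dev/null as an extra operand makes grep prefix the file name even
    # when only one log exists, so every hit can be traced to its file.
    rc=0
    hits=$(grep -- "$PATTERN" "$@" /dev/null) || rc=$?
    [ -n "$hits" ] || return "$rc"
    # Reduce each hit to file, timestamp and thread; lines in an unexpected
    # layout are printed unchanged so nothing is silently dropped.
    printf '%s\n' "$hits" | sed \
      's/^\(.*\):[A-Z]* \([0-9-]* [0-9-]*\): [0-9]* \[\([^]]*\)].*$/\1|\2|\3/'
}

# write_sample_logs DIR
# Constructed test data. The prefix follows the log line shown on this page;
# the text after the class name is a placeholder, not a real Proself message.
write_sample_logs() {
    cls=jp.co.northgrid.proself.updater.afterreboot.logic.AfterRebootCheckLogic
    printf '%s\n' \
      "ERROR 2023-10-05 00-00-00: 864643784 [https-jsse-nio-443-exec-14] $cls - placeholder Proself Ver placeholder" \
      "INFO 2023-10-05 00-00-01: 864644784 [main] example.Other - unrelated line" \
      > "$1/proself_updater.log"
    printf '%s\n' \
      "ERROR 2023-10-04 23-10-00: 861643784 [https-jsse-nio-443-exec-3] $cls - placeholder Proself Ver placeholder" \
      > "$1/proself_updater.log.1"
}
```

Run `scan_proself_logs` with no argument to scan the default Linux path, or pass the logs directory of a copied evidence set.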
Immediate Measures
Proself has urged all of its customers to implement the following provisional measures:
- Download the updaterafterreboot.xml file from https://support.proself.jp/public/tAIqAwIAvqA2rlEAT4ffrY7laqegWFKh-foM.
- Enter your email address and click Get Password to receive a one-time password.
- Enter the one-time password and click Submit Password.
- Overwrite the existing updaterafterreboot.xml with the downloaded file in the following folder under the Proself installation folder:
  - For Linux users: if the Proself installation folder is “/usr/local/Proself5”, the overwriting destination of “updaterafterreboot.xml” is /usr/local/Proself5/webapps/proself/WEB-INF/xml/process/admin/config/
  - For Windows users: if the Proself installation folder is “C:\Program Files\Proself5”, the overwriting destination of “updaterafterreboot.xml” is C:\Program Files\Proself5\webapps\proself\WEB-INF\xml\process\admin\config\
Proself has also released Proself Version 5.63, which addresses this vulnerability, and is asking all customers to update their software. The upcoming versions of Proself Gateway Edition and Proself Mail Sanitize Edition will be released shortly.
For currently supported editions (Proself Enterprise Edition Ver.5, Proself Standard Edition Ver.5, Proself Gateway Edition Ver.1, and Proself Mail Sanitize Edition Ver.1), Proself will release versions that address this vulnerability. However, the company will not release such versions for editions that are no longer supported, such as Proself Enterprise Edition Ver.4 and below, and Proself Standard Edition Ver.4 and below. If you’re using any of these unsupported versions, the company recommends discontinuing their use or upgrading to Ver.5, as continuing to run these older versions poses a risk of exploitation and potential data breaches.