Type: Bug
Resolution: Fixed
Priority: Major - P3
Affects Version/s: 1.4.1
Component/s: Authentication

An internal audit has discovered the following security vulnerability, so would you kindly consider addressing this:
SLSL-179-UC-3-14 Insecure LoadLibrary() Call

Description: The application loads a system DLL without specifying its path. As a result, if an attacker is able to plant a DLL with the same name in a directory parsed first in the search path, it will be loaded instead. The following code demonstrates this issue:

    int sspi_init( )
    {
        sspi_secur32_dll = LoadLibrary("secur32.dll");
        if (!sspi_secur32_dll) {
            return GetLastError();
        }
        ...[SNIP]...

Recommendation: Modify the LoadLibrary() call to specify the full path of the DLL in order to ensure only the intended version is used, rather than a planted malicious binary.
Reference file:
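
One way to apply the recommendation above, as an added example that is not part of the original report and not the project's own fix: resolve the system directory at run time and pass an absolute path to the loader. The helper names `build_system_dll_path` and `load_system_dll` are hypothetical, the directory string in `main` is constructed, and the Windows-only part compiles only under `_WIN32`.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Join the system directory and a bare DLL name into an absolute path.
 * Returns 0 on success, -1 if the name carries a path component or the
 * result would not fit (a truncated path must never reach the loader). */
int build_system_dll_path(const char *sysdir, const char *dll,
                          char *out, size_t outlen)
{
    int n;
    if (!sysdir || !dll || !out || !*sysdir || !*dll)
        return -1;
    if (strpbrk(dll, "\\/:"))            /* accept bare file names only */
        return -1;
    n = snprintf(out, outlen, "%s\\%s", sysdir, dll);
    if (n < 0 || (size_t)n >= outlen)    /* encoding error or truncation */
        return -1;
    return 0;
}

#ifdef _WIN32
/* Hypothetical helper: load a DLL from the system directory only. */
HMODULE load_system_dll(const char *dll)
{
    char sysdir[MAX_PATH], full[MAX_PATH];
    UINT len = GetSystemDirectoryA(sysdir, sizeof sysdir);
    if (len == 0 || len >= sizeof sysdir)   /* failed, or buffer too small */
        return NULL;
    if (build_system_dll_path(sysdir, dll, full, sizeof full) != 0)
        return NULL;
    return LoadLibraryA(full);              /* absolute path: no search order */
}
#endif

int main(void)
{
    char path[260];
    /* Constructed directory; on Windows call load_system_dll("secur32.dll"). */
    if (build_system_dll_path("C:\\Windows\\System32", "secur32.dll",
                              path, sizeof path) == 0)
        printf("%s\n", path);
    return 0;
}
```

On Windows versions that support it, `LoadLibraryEx` with `LOAD_LIBRARY_SEARCH_SYSTEM32` restricts the search to the system directory without building the path by hand.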