magevulndb icon indicating copy to clipboard operation
magevulndb copied to clipboard
verified publisher icon sansecio

Cardgate_Payment, TIG_Buckaroo3Extended & MultiSafepay_Connect

Open Roger-Keulen opened this issue 6 years ago • 2 comments

Cardgate_Payment, TIG_Buckaroo3Extended & MultiSafepay_Connect

Roger-Keulen avatar Sep 02 '19 14:09 Roger-Keulen

Thanks, do you have more information on the TIG_Buckaroo3Extended and MultiSafepay_Connect issues?

gwillem avatar Sep 02 '19 14:09 gwillem

Yes, the Buckaroo issue was not prefixing before storing data in checkout session data. There for i could overwrite the "quote_id" and other data. Magento did not check customer_id and the customer_id on the quote and thus outputing quotes that did not belong to the customer.

https://github.com/tig-nl/buckaroo-magento1/commit/797c1b5d5cfda9b55c4945b6b64752c0b2f55efe#diff-616f4f3ff1d97bdc5bd562299e4c0f54

++" || strpos($data['name'], 'buckaroo') === false" <== Added to mitigate the problem.

Also fixed inside Magento as extra security hardening: PRODSECBUG-2095: Defense-in-depth session validation check implemented - CVE-2019-7849

The Multisafepay issue is discussed here: https://github.com/MultiSafepay/Magento2Msp/issues/91

Roger-Keulen avatar Sep 02 '19 14:09 Roger-Keulen

TIG_Buckaroo3Extended was purged from Github, previously at https://github.com/tig-nl/buckaroo-magento1/releases

https://web.archive.org/web/20180617175820/https://github.com/tig-nl/buckaroo-magento1

gwillem avatar Dec 22 '22 08:12 gwillem

I am deeply ashamed that we didn't merge this earlier. It was flagged as "needs further investigation" and then it was ruthlessly ignored :(

Regardless, thanks a lot for your contribution in making Magento safer!

gwillem avatar Dec 22 '22 09:12 gwillem