Bypass Data Classification Labelling tool

way2goraj
Apr 21, 2022

Overview:

A vulnerability was identified in the Titus Data Classification Labelling tool. This brief write-up describes the exploitation procedure.

Other details:

Attack type: Local

Privileges required: User level

Vulnerability type: Incorrect permission/access control

Version: Titus — 18.8.1910.140

Impact: Information disclosure

Method: Control bypass

The vulnerability in the Titus data classification labelling tool can be exploited using a simple hack.

Normal user-level privileges are sufficient to bypass the data classification/labelling tool.

Steps:

Open a command prompt and follow these steps:

1. Start Excel /s <<Filename.xlsx>>

2. Excel will open in safe mode

3. Key in data or load contents into the Excel file

4. Then save and exit

The classification label will not be applied to the Excel file. This allows us to bypass host-based and perimeter DLP tools.

DLP tools basically check for the classification labels and decide on the action (allow / block / allow and send a copy).
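Because the bypass depends on Excel being started with the /s switch, process-creation logs can be used to surface it. The following detection sketch is an added example, not part of the original write-up; the event field names, the sample records, and the extra /safe and /safemode spellings are assumptions.

```python
import re
from pathlib import PureWindowsPath

# /s is the switch used in the steps above. /safe and /safemode are assumed
# to be equivalent spellings and are included so they are not missed.
SAFE_SWITCHES = {"/s", "/safe", "/safemode"}
TOKEN = re.compile(r'"[^"]*"|\S+')

def split_cmdline(cmdline):
    """Split a Windows command line, keeping quoted paths as one token."""
    return [t.strip('"') for t in TOKEN.findall(cmdline)]

def safe_mode_excel(event):
    """Return a finding if the event is Excel started in safe mode, else None."""
    if PureWindowsPath(event["Image"]).name.lower() != "excel.exe":
        return None  # other programs also use /s (e.g. silent installs)
    args = split_cmdline(event["CommandLine"])[1:]
    hits = sorted(SAFE_SWITCHES & {a.lower() for a in args if a.startswith("/")})
    if not hits:
        return None
    files = [a for a in args if not a.startswith("/")]
    return {"user": event["User"], "host": event["Host"],
            "switch": hits[0], "files": files}

def scan(events):
    """Return findings for every safe-mode Excel launch in the events."""
    return [f for f in map(safe_mode_excel, events) if f]

EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
# Constructed process-creation records; the field names are assumptions
# (map them to your EDR, Sysmon Event ID 1 or Security 4688 fields).
SAMPLE_EVENTS = [
    {"Host": "WS01", "User": "alice", "Image": EXCEL,
     "CommandLine": f'"{EXCEL}" "C:\\Users\\alice\\Documents\\budget.xlsx"'},
    {"Host": "WS02", "User": "bob", "Image": EXCEL,
     "CommandLine": f'"{EXCEL}" /s "C:\\Users\\bob\\Documents\\Q2 report.xlsx"'},
    {"Host": "WS03", "User": "carol", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Temp\helper.dll"},
    {"Host": "WS04", "User": "dave", "Image": EXCEL,
     "CommandLine": f'"{EXCEL}" /SAFE'},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Findings list the user, host and any file passed on the command line, which gives the DLP team the documents to re-check for a missing label.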
