Please suggest a solution to ensure that all required DLLs are present and correctly configured, and also to verify the integrity of DLLs to prevent tampering or unauthorized modifications.
Please let me know if we have any inbuilt Unity setting for the same.
VAPT Scan Observations
- During the assessment, we discovered a missing DLL vulnerability that could potentially lead to DLL hijacking. DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search and load Dynamic Link Libraries (DLL), allowing an attacker to place a malicious DLL with the same name in a location searched by the application, such as the application’s directory or system folders.
- The app is calling DLLs that are missing from the application’s folder, creating an opportunity for an attacker to exploit this vulnerability. Upon further investigation, it was found that the build was hosted in the Desktop folder instead of Program Files, which exposes the folder to unauthorized modifications from the user account.
- However, it is taken into consideration that the server is installed with anti-virus and network segmentation is in place. performed by creating a malicious DLL of the name NVUnityPlugin.dll and adding it to the same folder as the app. The malicious DLL is then loaded by the application during runtime, resulting in the built-in calculator application being opened.
Implications
If exploited, an attacker could inject malicious code into the application’s execution, leading to various security breaches, including:
- Unauthorized access: The attacker could gain unauthorized access to sensitive information stored or processed by the application.
- System compromise: The attacker could execute arbitrary commands, leading to system compromise and potential control over the affected system.
- Data manipulation: Malicious code injected through DLL hijacking could manipulate data processed by the application, leading to data corruption or loss.
- Exploitation of user privileges: The attacker could exploit the application’s privileges to escalate their own privileges and gain unauthorized access to system resources.
Recommendations
- Conduct a thorough review of the application’s dependencies and ensure that all required DLLs are present and correctly configured. Verify the integrity of DLLs to prevent tampering or unauthorized modifications.
- Configure the app to not call/load the .dll if it is not operationally required.
- Store the binaries in the Program Files folder which prevents tampering by non-admin accounts. If the build folder is to be stored in the Desktop folder, restrict write permissions to the directory.
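
One way to carry out the first recommendation, as an added example that is not part of the original post and not a Unity feature: record a SHA-256 manifest of the DLLs in a trusted build, then audit the deployed folder against it. The function names, the folder layout and every file name except NVUnityPlugin.dll are assumptions made for illustration.

```python
import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large native plugins are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(build_dir: Path) -> dict:
    """Map relative DLL path (lower-cased, as Windows names are case-insensitive) to SHA-256."""
    return {
        p.relative_to(build_dir).as_posix().lower(): sha256_of(p)
        for p in build_dir.rglob("*")
        if p.is_file() and p.suffix.lower() == ".dll"
    }


def audit_build(build_dir: Path, manifest: dict) -> dict:
    """Compare a deployed folder against the manifest taken from the trusted build."""
    found = build_manifest(build_dir)
    return {
        # Expected DLL absent: the loader goes on to search other locations for it.
        "missing": sorted(set(manifest) - set(found)),
        # DLL that was never shipped: the planted-file case from the scan finding.
        "unexpected": sorted(set(found) - set(manifest)),
        # Same name, different bytes: replaced or modified after release.
        "modified": sorted(n for n in manifest if n in found and found[n] != manifest[n]),
    }


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)  # constructed sample build folder, not a real Unity build
        (root / "PluginA.dll").write_bytes(b"trusted build")
        manifest = build_manifest(root)
        (root / "PluginA.dll").unlink()
        (root / "NVUnityPlugin.dll").write_bytes(b"not shipped")
        print(audit_build(root, manifest))
```

Keep the manifest somewhere the account running the app cannot write to, otherwise it can be replaced together with the DLL.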