Priva Vendor Backdoor: Hidden Superuser
The Level Nine research team identified a backdoor login function written into the Priva Office application. The backdoor allows complete access to the Priva administrative interface, and the account is not listed in the application user interface as a user account. The application uses a weak method to generate the special login password. The research team developed a script that successfully automates the generation of the backdoor password for accessing vulnerable installations.
The Priva application bytecode indicates that when a username of “SUPER___” is provided, the password for this hidden account is compared to a value generated in real time by the internal software function specialPassword(). This function derives the current day's password from the calendar date. As a result, a threat actor with knowledge of this password generation pattern could abuse it to gain access to any Priva system.
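Because the hidden account never appears in the user interface, defenders can look for it in authentication records instead. The following is an added detection example, not code from Level Nine or Priva: it flags logins for the “SUPER___” name and for any account that authenticates but is absent from the account inventory. The log format, sample lines, inventory and function name are constructed assumptions; the page does not describe how Priva logs authentication.

```python
import re
from collections import defaultdict

BACKDOOR_USER = "SUPER___"  # hidden account name reported on this page

# Constructed log format (assumption): timestamp, user, source address, result.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) auth user="(?P<user>[^"]*)" src=(?P<src>\S+) '
    r'result=(?P<result>success|failure)$'
)

# Constructed sample data, not real Priva output.
SAMPLE_LOG = """\
2024-03-01T08:15:02Z auth user="jdoe" src=10.0.5.23 result=success
2024-03-01T08:17:40Z auth user="SUPER___" src=203.0.113.7 result=failure
2024-03-01T08:17:55Z auth user="SUPER___" src=203.0.113.7 result=success
2024-03-01T09:02:11Z auth user="svc_backup" src=10.0.5.40 result=success
malformed line that should be skipped
2024-03-01T09:30:00Z auth user="admin" src=10.0.5.23 result=failure
"""

# Accounts visible in the administrative interface (constructed inventory).
KNOWN_ACCOUNTS = {"jdoe", "admin"}


def find_hidden_account_logins(log_text, known_accounts):
    """Summarise auth events for the backdoor name or any unlisted account."""
    findings = defaultdict(
        lambda: {"reason": "", "success": 0, "failure": 0, "sources": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        user = m["user"]
        # Case handling of the username is not stated on the page; match loosely.
        if user.upper() == BACKDOOR_USER:
            reason = "known-backdoor-username"
        elif user not in known_accounts:
            reason = "not-in-account-inventory"
        else:
            continue
        entry = findings[user]
        entry["reason"] = reason
        entry[m["result"]] += 1
        entry["sources"].add(m["src"])
    return dict(findings)


if __name__ == "__main__":
    for user, f in find_hidden_account_logins(SAMPLE_LOG, KNOWN_ACCOUNTS).items():
        print(user, f["reason"], f["success"], f["failure"], sorted(f["sources"]))
```

Any successful event for the backdoor name warrants treating the installation as compromised until shown otherwise, and the inventory comparison catches hidden accounts under other names.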