Urgent - possible malicious code on axshare.com


#1

TLDR:
according to our IT department, the corporate firewall is blocking the following attack originating from axshare.com:

https://fortiguard.com/encyclopedia/ips/15787

Which suggest there might be malicious code present.

Context:

In our company we are experiencing issues with sketches on axshare.com taking literal ages to load. The problem seems to exist for newly created/published sketches (in Ax9) only. The same sketches load fine on the less protected guest network, or when using a phone hotspot. When reporting this to our IT department, they noticed the corporate firewall blocking traffic due to the above cause.

let me know if further info is needed.


#2

Could you provide us with additional information from your scanner (the specific site or code that it thinks is initiating the attack)? This is likely a false positive, but we would like to gather more information to be sure. The error seems to be referring to a long since patched vulnerability for IE 7 and below. We discontinued support for IE 7 several years ago.


#3

@admin1 i’ve DM’ed you with more info.

Maybe related, and it didn’t occur to me before, but the url is not HTTPS, i thought Axure share was enforcing HTTPS. The url given by Ax9 is http, not https!


#4

Thanks, @Bertus. If you change your workspace to use SSL (this option must be configured via http://share.axure.com rather than http://app.axure.cloud) your prototypes should all serve over https. If you go to the workspace in share.axure.com, you can look in the upper right and click “CONFIGURE SECURITY.” Check this option:

image

I would be interested to know if this helps with your frame issue. The code your issue links to has not been modified in quite some time so I’m not sure why a scanner would start flagging it now.


#5

yw @admin1, i’ve enabled HTTPS on our workspace (wasn’t aware we hadn’t already) i’ll check the coming days with the teams to see if this has resolved the issues.


#6

As expected, using https resolves the loading issue (firewall can’t see the content) which is for me right now the main thing, this topic can be closed