Interspire ActiveKB Authentication Cookie Lets Remote Users Gain Administrative Access

SecurityTracker Alert ID: 1020035
SecurityTracker URL: http://securitytracker.com/id/1020035
CVE Reference: CVE-2008-2338
Updated: May 19 2008
Original Entry Date: May 16 2008
Impact: User access via network
Exploit Included: Yes
Version(s): 1.5 and prior versions

Description:
A vulnerability was reported in Interspire ActiveKB. A remote user can gain administrative access on the target application.
A remote user can set a specially crafted cookie value (auth=true) to gain access to the administrative interface.
The original advisory and demonstration exploit are available at:
http://milw0rm.com/exploits/5616
t0pP8uZz reported this vulnerability.
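
The flaw class described above, shown as an added example that is not ActiveKB's code and not part of the original advisory: a check that trusts a client-set `auth` cookie, beside one way to harden it with a server-signed, expiring cookie value. The function names, the key and the cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed key for this example; a real deployment loads it from server-side secret storage.
SECRET_KEY = b"example-only-server-secret"
SESSION_TTL = 1800  # seconds a signed cookie stays valid


def is_admin_trusting_cookie(cookies):
    """Flawed pattern: the client-supplied cookie value is the entire decision."""
    return cookies.get("auth") == "true"


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(username, now=None):
    """Called only after the password check succeeds; returns a signed cookie value."""
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued}"
    return f"{payload}|{_sign(payload)}"


def is_admin_verified(cookies, now=None):
    """Hardened pattern: accept only a value the server signed, and only while fresh."""
    parts = cookies.get("auth", "").split("|")
    if len(parts) != 3:  # missing, malformed, or a bare flag such as "true"
        return False
    username, issued, mac = parts
    expected = _sign(f"{username}|{issued}")
    # Constant-time comparison on bytes; fails closed on any mismatch.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    # The MAC matched, so `issued` is the integer string the server wrote.
    now = time.time() if now is None else now
    return 0 <= now - int(issued) <= SESSION_TTL
```

A signed cookie cannot be revoked before it expires; an opaque random session ID looked up in server-side state is the alternative when logout or revocation must take effect immediately.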

Impact:
A remote user can gain administrative access on the target application.

Solution:
No solution was available at the time of this entry.

Vendor URL: www.interspire.com/
Cause: Authentication error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Message History: None.

Source Message Contents

Date: Fri, 16 May 2008 08:42:55 -0400
Subject: ActiveKB <= 1.5 Insecure Cookie Handling/Arbitrary Admin Access

http://milw0rm.com/exploits/5616