PHPAuction Administrative Interface Authentication Bypass Vulnerability
BID:12069
Info
PHPAuction Administrative Interface Authentication Bypass Vulnerability
| Bugtraq ID: | 12069 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 21 2004 12:00AM |
| Updated: | Dec 21 2004 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Tobias Glemser <[email protected]>. |
| Vulnerable: |
PHPAuction PHPAuction 2.1 PHPAuction PHPAuction 2.0 PHPAuction PHPAuction 1.3 PHPAuction PHPAuction 1.2 |
| Not Vulnerable: | |
Discussion
PHPAuction Administrative Interface Authentication Bypass Vulnerability
PhpAuction is reported prone to an authentication bypass vulnerability. It is reported that this vulnerability exists due to a weak design of the system used to control access to the PhpAuction administrative interface.
By simply editing a session cookie value an attacker may bypass the PhpAuction authentication system and gain access to the administrative interface.
PhpAuction is reported prone to an authentication bypass vulnerability. It is reported that this vulnerability exists due to a weak design of the system used to control access to the PhpAuction administrative interface.
By simply editing a session cookie value an attacker may bypass the PhpAuction authentication system and gain access to the administrative interface.
Exploit / POC
PHPAuction Administrative Interface Authentication Bypass Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
PHPAuction Administrative Interface Authentication Bypass Vulnerability
Solution:
It is reported that the latest version of PhpAuction addresses this vulnerability, this is not confirmed.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that the latest version of PhpAuction addresses this vulnerability, this is not confirmed.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHPAuction Administrative Interface Authentication Bypass Vulnerability
References:
References:
- PHPauction Homepage (PHPauction)