Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
BID:12285
Info
Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 12285 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2005 12:00AM |
| Updated: | Jan 17 2005 12:00AM |
| Credit: | "Marc Ruef" <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Novell GroupWise WebAccess 6.5 SP2 Novell GroupWise WebAccess 6.5 SP1 Novell GroupWise WebAccess 6.5 Novell GroupWise WebAccess 6.0 SP4 Novell Groupwise 6.5 SP2 Novell Groupwise 6.5 SP1 Novell Groupwise 6.5 Novell Groupwise 6.0 SP4 Novell Groupwise 6.0 SP3 Novell Groupwise 6.0 SP2 Novell Groupwise 6.0 SP1 Novell Groupwise 6.0 |
| Not Vulnerable: | |
Discussion
Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
A remote authentication bypass vulnerability reportedly affects Novell GroupWise WebAccess. This issue is due to a failure of the application to properly handle access validation functionality.
The access gained through this issue grants minimal privileges; loading and storing data is not possible and services such as email or address books. This issue may be leveraged to exploit other latent vulnerabilities that require authentication.
An attacker may leverage this issue to bypass the required authentication for the affected application.
A remote authentication bypass vulnerability reportedly affects Novell GroupWise WebAccess. This issue is due to a failure of the application to properly handle access validation functionality.
The access gained through this issue grants minimal privileges; loading and storing data is not possible and services such as email or address books. This issue may be leveraged to exploit other latent vulnerabilities that require authentication.
An attacker may leverage this issue to bypass the required authentication for the affected application.
Exploit / POC
Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
No exploit is required to leverage this issue. The following proof of concept will reportedly grant access to the affected application:
https://www.example.com:1444/servlet/webacc?error=webacc
No exploit is required to leverage this issue. The following proof of concept will reportedly grant access to the affected application:
https://www.example.com:1444/servlet/webacc?error=webacc
Solution / Fix
Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
References:
References: