CitrusDB Remote Authentication Bypass Vulnerability
BID:12560
Info
CitrusDB Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 12560 |
| Class: | Design Error |
| CVE: |
CVE-2005-0408 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 15 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery of this vulnerability is credited to RedTeam. |
| Vulnerable: |
CitrusDB Customer Database 0.3.6 |
| Not Vulnerable: | |
Discussion
CitrusDB Remote Authentication Bypass Vulnerability
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information.
An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information.
An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
Exploit / POC
CitrusDB Remote Authentication Bypass Vulnerability
No exploit is required.
The following proof of concept is available for demonstrating cookie information sufficient to log in as 'admin':
curl -D - --cookie "id_hash=4b3b2c8666298ae9771e9b3d38c3f26e;
user_name=admin" http://www.example.com/citrusdb/tools/index.php
No exploit is required.
The following proof of concept is available for demonstrating cookie information sufficient to log in as 'admin':
curl -D - --cookie "id_hash=4b3b2c8666298ae9771e9b3d38c3f26e;
user_name=admin" http://www.example.com/citrusdb/tools/index.php
Solution / Fix
CitrusDB Remote Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
CitrusDB Remote Authentication Bypass Vulnerability
References:
References:
- Authentication bypass in CitrusDB (RedTeam)
- CitrusDB Customer Database Home Page (CitrusDB)