Novell iChain Server Remote Information Disclosure Unauthorized Access Vulnerability
BID:12813
Info
Novell iChain Server Remote Information Disclosure Unauthorized Access Vulnerability
| Bugtraq ID: | 12813 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2005 12:00AM |
| Updated: | Mar 15 2005 12:00AM |
| Credit: | Discovery is credited to Francisco Amato <[email protected]>. |
| Vulnerable: |
Novell iChain Server 2.3 SP2 Novell iChain Server 2.3 build 269 Novell iChain Server 2.3 Novell iChain Server 2.2 SP3 Novell iChain Server 2.2 |
| Not Vulnerable: | |
Discussion
Novell iChain Server Remote Information Disclosure Unauthorized Access Vulnerability
Novell iChain server is reported prone to an information disclosure vulnerability that can lead to unauthorized access.
An attacker on the local network can sniff network traffic and gain access to sensitive information such as configuration data and authentication credentials for various services.
An attacker can also sniff network traffic, obtain a sensitive cookie and use it in a malicious Java applet to gain unauthorized access to the iChain server by hijacking another user's account.
This vulnerability can allow an attacker to gain administrative access to an affected iChain server.
Novell iChain server is reported prone to an information disclosure vulnerability that can lead to unauthorized access.
An attacker on the local network can sniff network traffic and gain access to sensitive information such as configuration data and authentication credentials for various services.
An attacker can also sniff network traffic, obtain a sensitive cookie and use it in a malicious Java applet to gain unauthorized access to the iChain server by hijacking another user's account.
This vulnerability can allow an attacker to gain administrative access to an affected iChain server.
Exploit / POC
Novell iChain Server Remote Information Disclosure Unauthorized Access Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Novell iChain Server Remote Information Disclosure Unauthorized Access Vulnerability
Solution:
Novell has released Technical Information Document TID10096885 to address this issue. Please see the document in Web references for more information.
Solution:
Novell has released Technical Information Document TID10096885 to address this issue. Please see the document in Web references for more information.
References
Novell iChain Server Remote Information Disclosure Unauthorized Access Vulnerability
References:
References: