Access_User Class Arbitrary Account Authentication Bypass Vulnerability

Bugtraq ID:	13070
Class:	Access Validation Error
CVE:	CVE-2005-1067
Remote:	Yes
Local:	No
Published:	Apr 08 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	This vulnerability was announced by the vendor.
Vulnerable:	Access_user Class Access_user Class 1.6
Not Vulnerable:	Access_user Class Access_user Class 1.75

Access_User Class Arbitrary Account Authentication Bypass Vulnerability

Access_user Class is affected by an arbitrary account authentication bypass vulnerability. This issue is due to the application retaining 'new' as a valid password to all accounts. Attackers with knowledge of valid usernames can login to any account using 'new' as the password.

The vendor has released an update addressing this issue in Access_user Class version 1.75; earlier versions are reported affected.

Access_User Class Arbitrary Account Authentication Bypass Vulnerability

No exploit is required.

Access_User Class Arbitrary Account Authentication Bypass Vulnerability

Solution:
The vendor has addressed this issue in Access_user Class 1.75.


Access_user Class Access_user Class 1.6

• Access_user Class Access_user Class 1.75
  http://www.finalwebsites.com/classes/download.php?fc=10

Access_User Class Arbitrary Account Authentication Bypass Vulnerability

References:

• Access_user Class Homepage (Access_user Class)