ACS Blog Administrative Access Authentication Bypass Vulnerability
BID:13346
Info
| Bugtraq ID: | 13346 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2005 12:00AM |
| Updated: | Apr 24 2005 12:00AM |
| Credit: | farhad koosha <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: | ASP Press ACS Blog Commercial Version 1.1; ASP Press ACS Blog 1.1.3; ASP Press ACS Blog 1.1.2; ASP Press ACS Blog 1.1.1; ASP Press ACS Blog 1.1 b; ASP Press ACS Blog 1.1; ASP Press ACS Blog 1.0.3; ASP Press ACS Blog 1.0.2; ASP Press ACS Blog 1.0.1; ASP Press ACS Blog 1.0; ASP Press ACS Blog 0.9; ASP Press ACS Blog 0.8 |
| Not Vulnerable: | |
Discussion
ACS Blog is prone to an authentication bypass vulnerability. The issue stems from a design flaw: remote administrative access is granted on the basis of a specific client-side cookie value.
Remote attackers may gain administrative access to the software, potentially altering or destroying the data contained in it. Other attacks may also be possible.
Versions 0.8 through 1.1.3, as well as the commercial version, are all reported vulnerable.
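The design flaw described above, shown as an added example that is not ACS Blog's code (the page does not show it): a check that trusts a client-supplied cookie value, beside one that accepts the admin claim only when a server-computed MAC over it verifies. The cookie names, `SECRET_KEY`, `SESSION_TTL` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side secret; it never leaves the server.
SECRET_KEY = secrets.token_bytes(32)
SESSION_TTL = 3600  # session lifetime in seconds (assumed value)

def is_admin_flawed(cookies: dict) -> bool:
    """Flawed pattern: authorization decided by a value the client controls."""
    return cookies.get("role") == "admin"  # hypothetical cookie name and value

def issue_session(user: str, is_admin: bool, now=None) -> str:
    """Called only after the server has verified the user's credentials."""
    if "|" in user:
        raise ValueError("separator not allowed in user name")
    expires = int((time.time() if now is None else now) + SESSION_TTL)
    payload = f"{user}|{int(is_admin)}|{expires}"
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"

def is_admin_hardened(cookies: dict, now=None) -> bool:
    """Accept the admin claim only if the server's MAC over it verifies."""
    token = cookies.get("session", "")
    payload, sep, tag = token.rpartition("|")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a forged or edited payload fails here.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    parts = payload.split("|")
    if len(parts) != 3:
        return False
    _user, admin_flag, expires = parts
    if not expires.isdigit():
        return False
    if int(expires) < (time.time() if now is None else now):
        return False  # expired session
    return admin_flag == "1"
```

Keeping the session record in a server-side store and sending the client only a random identifier achieves the same goal without putting the role in the cookie at all.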
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
- ACS Blog Homepage (ASP Press)
- ACSblog bug (farhad koosha)