APG Technology ClassMaster Unauthorized Folder Access Vulnerability
BID:13604
Info
APG Technology ClassMaster Unauthorized Folder Access Vulnerability
| Bugtraq ID: | 13604 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2005 12:00AM |
| Updated: | May 12 2005 12:00AM |
| Credit: | Discovery is credited to Alex Garrett. |
| Vulnerable: |
APG Technology Classmaster |
| Not Vulnerable: | |
Discussion
APG Technology ClassMaster Unauthorized Folder Access Vulnerability
ClassMaster is reportedly affected by a vulnerability that may allow attackers to gain unauthorized access to users' folders.
An attacker is able to gain complete access to user shares over a network without providing any sort of authentication credentials.
All versions of ClassMaster are considered vulnerable at the moment.
ClassMaster is reportedly affected by a vulnerability that may allow attackers to gain unauthorized access to users' folders.
An attacker is able to gain complete access to user shares over a network without providing any sort of authentication credentials.
All versions of ClassMaster are considered vulnerable at the moment.
Exploit / POC
APG Technology ClassMaster Unauthorized Folder Access Vulnerability
An exploit is not required.
The following proof of concept is available:
Map account to a drive:
net use [drive]: \\[server]\[user]$
Change directory to target folder:
cd 'My files'
An exploit is not required.
The following proof of concept is available:
Map account to a drive:
net use [drive]: \\[server]\[user]$
Change directory to target folder:
cd 'My files'
Solution / Fix
APG Technology ClassMaster Unauthorized Folder Access Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
APG Technology ClassMaster Unauthorized Folder Access Vulnerability
References:
References:
- APG Classmaster Weak Permissions (SecuriTeam)
- Classmaster Product Page (APG Technology)