Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability

Bugtraq ID:	17354
Class:	Design Error
CVE:	CVE-2006-1505
Remote:	Yes
Local:	No
Published:	Apr 03 2006 12:00AM
Updated:	Apr 03 2006 10:13PM
Credit:	Announced by the vendor.
Vulnerable:	BASE Basic Analysis and Security Engine 1.2.2 BASE Basic Analysis and Security Engine 1.2.1 BASE Basic Analysis and Security Engine 1.2
Not Vulnerable:	BASE Basic Analysis and Security Engine 1.2.4

Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability

Basic Authentication and Security Engine is prone to an unspecified authentication-bypass vulnerability. An attacker could exploit this to gain unauthorized access to sensitive information.

BASE versions prior to 1.2.4 are prone to this issue.

Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability


This issue could be exploited with a web client.

Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability

Solution:

A fix is available:


BASE Basic Analysis and Security Engine 1.2

• BASE base-1.2.4
  http://sourceforge.net/project/showfiles.php?group_id=103348&package_i d=128846&release_id=402956

BASE Basic Analysis and Security Engine 1.2.1

• BASE base-1.2.4
  http://sourceforge.net/project/showfiles.php?group_id=103348&package_i d=128846&release_id=402956

BASE Basic Analysis and Security Engine 1.2.2

• BASE base-1.2.4
  http://sourceforge.net/project/showfiles.php?group_id=103348&package_i d=128846&release_id=402956

Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability

References:

• Changelog (BASE)
  
• Home Page (Secure Ideas)