FileProtection Express Authentication Bypass Vulnerability

Bugtraq ID:	17786
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 02 2006 12:00AM
Updated:	May 03 2006 03:15AM
Credit:	Nomenumbra is credited with the discovery of this vulnerability.
Vulnerable:	FileProtection Express FileProtection Express 1.0.1 FileProtection Express FileProtection Express 1.0
Not Vulnerable:

FileProtection Express Authentication Bypass Vulnerability

FileProtection Express is prone to an authentication-bypass vulnerability. The issue occurs because the affected application fails to verify cookie-based authentication credentials.

An attacker can exploit this issue to bypass authentication and gain access to the affected application's administrative section. This could aid in further attacks on the affected computer.

FileProtection Express Authentication Bypass Vulnerability

This issue can be exploited through a web client.

FileProtection Express Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

FileProtection Express Authentication Bypass Vulnerability

References:

• FileProtection Express Web Site (Andrew Berggren)
  
• FileProtection Express <= 1.0.1 authentification bypass ([email protected])