Ipswitch WhatsUp Professional 2006 Authentication Bypass Vulnerability
BID:18019
CVE-2006-2531
| Bugtraq ID: | 18019 |
| Class: | Origin Validation Error |
| CVE: | CVE-2006-2531 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2006 12:00AM |
| Updated: | Jun 29 2006 04:04PM |
| Credit: | Kenneth F. Belva discovered this issue. |
| Vulnerable: | Ipswitch WhatsUp Professional 2006 0 |
| Not Vulnerable: | Ipswitch WhatsUp Professional 2006 .01 |
Discussion
Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability.
This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them in further network attacks.
Exploit / POC
An attacker exploits this issue with a web client, possibly in conjunction with readily available network utilities.
HTTP requests containing the following header information are sufficient to demonstrate this issue:
User-Agent: Ipswitch/1.0
User-Application: NmConsole
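A defensive check for the header pair described above, as an added example that is not part of the original advisory or of Ipswitch's code: it flags captured requests that carry both values but arrive from a source outside an allowlist of console hosts. The allowlist, the (source, raw request) record format and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Header values taken from the advisory text above.
MARKERS = {"user-agent": "Ipswitch/1.0", "user-application": "NmConsole"}

# Assumption: networks where a legitimate console may run (loopback only here).
TRUSTED_CONSOLES = [ipaddress.ip_network("127.0.0.0/8")]


def parse_headers(raw_request):
    """Return {lower-cased header name: value} from a raw HTTP request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def claims_console(headers):
    """True only when both advisory header values are present."""
    return all(headers.get(k, "").lower() == v.lower() for k, v in MARKERS.items())


def find_suspect_requests(records, trusted=TRUSTED_CONSOLES):
    """records: iterable of (source_ip, raw_request); returns flagged pairs."""
    hits = []
    for src_ip, raw in records:
        addr = ipaddress.ip_address(src_ip)
        if claims_console(parse_headers(raw)) and not any(addr in n for n in trusted):
            hits.append((src_ip, raw.splitlines()[0]))
    return hits


# Constructed sample capture: documentation address ranges, made-up path.
SAMPLE = [
    ("127.0.0.1", "GET /status HTTP/1.1\r\nUser-Agent: Ipswitch/1.0\r\nUser-Application: NmConsole\r\n\r\n"),
    ("192.0.2.44", "GET /status HTTP/1.1\r\nuser-agent: ipswitch/1.0\r\nUSER-APPLICATION: NmConsole\r\n\r\n"),
    ("198.51.100.7", "GET /status HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("203.0.113.9", "GET /status HTTP/1.1\r\nUser-Agent: Ipswitch/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for src, line in find_suspect_requests(SAMPLE):
        print(f"ALERT console headers from untrusted source {src}: {line}")
```

Header names and values are compared case-insensitively so that a request with altered casing is still flagged.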
Solution / Fix
Solution:
The vendor has released version 2006.01 to address this issue.
Ipswitch WhatsUp Professional 2006 0
- Ipswitch iwp200601.exe
  ftp://ftp.ipswitch.com/Ipswitch/product_support/whatsup/iwp200601.exe
References
- Ipswitch Network Management Product Page (Ipswitch)
- WhatsUp Professional 2006.01 (Ipswitch)
- whatsup.public.txt (Kenneth F. Belva)
- What's Up Professional Spoofing Authentication Bypass (Kenneth F. Belva)