Speedy Asp Discussion Forum Authentication Bypass Vulnerability

Bugtraq ID:	18170
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 30 2006 12:00AM
Updated:	May 31 2006 04:47PM
Credit:	ajann is credited with the discovery of this vulnerability.
Vulnerable:	ASPwebSoft Speedy Asp Discussion Forum 0
Not Vulnerable:

Speedy Asp Discussion Forum Authentication Bypass Vulnerability

Speedy Asp Discussion Forum is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to require proper authentication credentials.

An attacker can exploit this issue to bypass authentication, potentially allowing the attacker to gain administrative access to the web application. This could aid in further attacks on the affected computer.

Speedy Asp Discussion Forum Authentication Bypass Vulnerability

This issue can be exploited through a web client.

Example web pages have been provided to exploit this issue:

• /data/vulnerabilities/exploits/18170-1.html
• /data/vulnerabilities/exploits/18170-2.html

Speedy Asp Discussion Forum Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Speedy Asp Discussion Forum Authentication Bypass Vulnerability

References:

• Speedy Asp Discussion Forum Project Page (ASPwebSoft)
  
• Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit ([email protected])