IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
BID:21540
Info
IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
| Bugtraq ID: | 21540 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 11 2006 12:00AM |
| Updated: | Dec 11 2006 12:00AM |
| Credit: | Dave Ferguson of FishNet Security is credited with the discovery of this vulnerability. |
| Vulnerable: |
IBM Host on Demand 9.0 IBM Host on Demand 8.0 IBM Host on Demand 7.0 IBM Host on Demand 6.0 |
| Not Vulnerable: | |
Discussion
IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
IBM WebSphere Host On-Demand is prone to an authentication-bypass vulnerability because it fails to authenticate users before providing access to sensitive web pages.
Exploiting this issue could allow an attacker to cause denial-of-service conditions, to reconfigure services, to alter security configuration, or to administer LDAP services. Other attacks may also be possible.
IBM WebSphere Host On-Demand versions 6.0, 7.0, 8.0, and 9.0 are vulnerable to this issue; other versions may also be affected.
IBM WebSphere Host On-Demand is prone to an authentication-bypass vulnerability because it fails to authenticate users before providing access to sensitive web pages.
Exploiting this issue could allow an attacker to cause denial-of-service conditions, to reconfigure services, to alter security configuration, or to administer LDAP services. Other attacks may also be possible.
IBM WebSphere Host On-Demand versions 6.0, 7.0, 8.0, and 9.0 are vulnerable to this issue; other versions may also be affected.
Exploit / POC
IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
References:
References:
- WebSphere Host On-Demand Product Page (IBM)
- Unauthenticated access to IBM Host On-Demand administration pages ("Ferguson, David (Kansas City)"