TaskTracker Customize.ASP Administrator Unauthorized Access Vulnerability

Bugtraq ID:	21847
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 02 2007 12:00AM
Updated:	Jan 04 2007 08:36PM
Credit:	Ajann is credited with discovering this issue.
Vulnerable:	Geckovich TaskTracker Pro 1.5 Geckovich TaskTracker 1.4
Not Vulnerable:

TaskTracker Customize.ASP Administrator Unauthorized Access Vulnerability

TaskTracker is prone to an unauthorized-access vulnerability because the application fails to check user credentials before allowing access to administrative functionality.

Attackers may exploit this issue to create accounts with administrative privileges and compromise the vulnerable application.

TaskTracker 1.4, Pro 1.5, and prior versions are vulnerable to this issue.

TaskTracker Customize.ASP Administrator Unauthorized Access Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/21847.html

TaskTracker Customize.ASP Administrator Unauthorized Access Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

TaskTracker Customize.ASP Administrator Unauthorized Access Vulnerability

References:

• TaskTracker Homepage (Geckovich)