BID:21879

JamWiki Topics Relocation Authentication Bypass Vulnerability

Info

JamWiki Topics Relocation Authentication Bypass Vulnerability

Bugtraq ID:	21879
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 05 2007 12:00AM
Updated:	Jan 05 2007 08:01PM
Credit:	The vendor reported this issue.
Vulnerable:	JamWiki JamWiki 0.4.3 JamWiki JamWiki 0.4.2 JamWiki JamWiki 0.4.1 JamWiki JamWiki 0.4 JamWiki JamWiki 0.3.6 JamWiki JamWiki 0.3.5 JamWiki JamWiki 0.3.4 JamWiki JamWiki 0.3.3 JamWiki JamWiki 0.3.2 JamWiki JamWiki 0.3.1 JamWiki JamWiki 0.3 JamWiki JamWiki 0.2.1 JamWiki JamWiki 0.2 JamWiki JamWiki 0.1.3 JamWiki JamWiki 0.1.2 JamWiki JamWiki 0.1.1 JamWiki JamWiki 0.1

Not Vulnerable:	JamWiki JamWiki 0.5

Discussion

JamWiki Topics Relocation Authentication Bypass Vulnerability

JamWiki is prone to an authentication-bypass vulnerability because the software fails to perform sufficient authentication checking.

An attacker can exploit this issue to relocate read-only or admin-only topics.

Versions prior to 0.5 are vulnerable to this issue.

Exploit / POC

JamWiki Topics Relocation Authentication Bypass Vulnerability

An attacker can exploit this issue through a web client.

Solution / Fix

JamWiki Topics Relocation Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

References

JamWiki Topics Relocation Authentication Bypass Vulnerability

References:

JAMWiki 0.5.0 Release Notes (JamWiki)
JamWiki Home Page (JamWiki)