ACGVAnnu Arbitrary User Password Change Vulnerability
BID:22279
Info
| Bugtraq ID: | 22279 |
| Class: | Design Error |
| CVE: | CVE-2007-0697 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | ajann is credited with the discovery of this vulnerability. |
| Vulnerable: | ACGV ACGVannu 1.3 |
| Not Vulnerable: | |
Discussion
ACGVannu is prone to a vulnerability that may permit attackers to change arbitrary passwords. The proof-of-concept request targets the record-modification handler (index2.php with rubrik=modif) and supplies both a record id and a new pass value in a single unauthenticated request, which indicates that the handler does not verify that the requester is logged in as the owner of the record it updates; the issue is classified as a design error rather than an input-validation bug.
Exploiting this issue may allow an attacker to change an arbitrary user's password, bypass the authentication mechanism, and gain unauthorized access to the affected application. This may lead to other attacks.
This issue affects version 1.3; other versions may also be vulnerable.
Exploit / POC
An attacker can exploit this issue via a web client, that is, a browser or any HTTP client able to send the request below.
The following proof-of-concept URI is available:
http://www.example.com/index2.php?id=&nom=ajann2&prenom=ajann2&pass=0002455&rubrik=modif&fo_remp=oui&id=167&mail=a&url=http://a&titre=a&descript=+a+&categorie=G%E9n%E9ral&Submit=Gonder
Note that the id parameter appears twice (first empty, then 167); PHP populates $_GET with the last occurrence, so the record with id 167 is the one whose password is set to 0002455. The categorie value is ISO-8859-1 encoded ("Général").
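The script below is an added example for this advisory, not code from the advisory or from ACGVannu. It decodes the proof-of-concept URI the way PHP would (last value of a repeated name wins, percent-escapes read as ISO-8859-1) and then flags requests of the same shape in a web server access log, which is the check a defender would run to find out whether the issue was used against a host. The log entries are constructed for illustration.

```python
"""Added example for BID 22279: it is not code from the advisory or from
ACGVannu.  It decodes the proof-of-concept URI the way PHP would and flags
requests of the same shape in a web server access log.  Log lines are
constructed for illustration."""
import re
from urllib.parse import parse_qs, urlsplit

POC_URI = ("http://www.example.com/index2.php?id=&nom=ajann2&prenom=ajann2"
           "&pass=0002455&rubrik=modif&fo_remp=oui&id=167&mail=a&url=http://a"
           "&titre=a&descript=+a+&categorie=G%E9n%E9ral&Submit=Gonder")


def php_style_params(query: str) -> dict:
    """Decode a query string as PHP populates $_GET: a repeated name keeps
    its last value (the PoC sends id= and then id=167, so id is 167).
    Percent-escapes are decoded as ISO-8859-1 because the PoC encodes the
    category as G%E9n%E9ral."""
    parsed = parse_qs(query, keep_blank_values=True, encoding="latin-1")
    return {name: values[-1] for name, values in parsed.items()}


def poc_parameters(uri: str = POC_URI) -> dict:
    """Effective parameters of the proof-of-concept request."""
    return php_style_params(urlsplit(uri).query)


# Request line inside a combined-format access log entry.
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def modify_request(log_line: str):
    """Return the decoded parameters when a log entry records a request of
    the PoC's shape (index2.php, rubrik=modif, a non-empty id and a pass
    value), otherwise None.  Only query strings are logged, so a POST that
    carries the same fields in its body is not visible here."""
    match = _REQUEST_RE.search(log_line)
    if match is None:
        return None
    target = urlsplit(match.group("target"))
    if not target.path.endswith("/index2.php"):
        return None
    params = php_style_params(target.query)
    if params.get("rubrik") != "modif" or "pass" not in params:
        return None
    if not params.get("id"):
        return None
    return params


def scan_log(lines):
    """List (line number, client address, record id) for every hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        params = modify_request(line)
        if params is not None:
            hits.append((number, line.split(" ", 1)[0], params["id"]))
    return hits


# Constructed sample entries; only the second one matches the PoC.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jan/2007:11:58:01 +0000] "GET /index.php HTTP/1.1" 200 4123',
    '203.0.113.5 - - [27/Jan/2007:12:00:14 +0000] "GET /index2.php?'
    + urlsplit(POC_URI).query + ' HTTP/1.1" 200 512',
    '203.0.113.5 - - [27/Jan/2007:12:01:02 +0000] "GET /index2.php?rubrik=modif&id=167 HTTP/1.1" 200 2210',
    '192.0.2.44 - - [27/Jan/2007:12:03:30 +0000] "POST /index2.php?rubrik=modif HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(poc_parameters())
    for hit in scan_log(SAMPLE_LOG):
        print("line %d: %s changed password of record %s" % hit)
```

The log check only sees what the server logs, so it catches the GET form shown in the PoC; if the same fields are submitted in a POST body, the access log records only the path and any query string, and body inspection (a WAF log or a request-body capture) is needed instead.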
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Until a patch is available, the rubrik=modif handler in index2.php should only be reachable from an authenticated session, and the record id it modifies must be tied to that session's user rather than taken from the request.