RSAuction Suspended Account Security Bypass Vulnerability
BID:23895
Info
| Field | Value |
|---|---|
| Bugtraq ID: | 23895 |
| Class: | Design Error |
| CVE: | CVE-2007-2595 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | switzer is credited with discovering this issue. |
| Vulnerable: | RScript RSAuction 2.73.1.3 |
| Not Vulnerable: | |
Discussion
RSAuction is prone to a security-bypass vulnerability due to a design error: the account-activation link issued at registration is not invalidated when the account is later suspended, so presenting that link again reactivates the account.
Successful exploits allow an attacker whose account has been suspended to reactivate it, bypassing the suspension imposed by the site operator.
RSAuction 2.73.1.3 is reported vulnerable; other versions may also be affected.
Exploit / POC
An attacker whose account has been suspended can exploit this issue simply by revisiting the activation link received when the account was registered; no further interaction with the application is required.
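The following is an added illustration of the design error and of the fix a vendor would be expected to ship; it is not RSAuction's code. The account store, status names and function names are assumptions made for the example. The vulnerable store honours the registration token forever and sets the account active regardless of its current state; the hardened store only allows a one-time transition from pending to active and consumes the token on first use, so a suspended account cannot be revived by replaying the link.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Status names are assumptions for this example, not RSAuction's.
PENDING, ACTIVE, SUSPENDED = "pending", "active", "suspended"


@dataclass
class Account:
    username: str
    status: str = PENDING
    activation_token: Optional[str] = None


class VulnerableAccounts:
    """Models the reported design error: the activation link issued at
    registration is never invalidated and unconditionally sets ACTIVE."""

    def __init__(self) -> None:
        self._by_token: Dict[str, Account] = {}
        self._by_name: Dict[str, Account] = {}

    def register(self, username: str) -> str:
        token = secrets.token_urlsafe(32)      # what the activation link carries
        acct = Account(username, activation_token=token)
        self._by_token[token] = acct
        self._by_name[username] = acct
        return token

    def activate(self, token: str) -> bool:
        acct = self._by_token.get(token)
        if acct is None:
            return False
        acct.status = ACTIVE                    # no check of the current status,
        return True                             # and the token stays valid forever

    def suspend(self, username: str) -> None:
        self._by_name[username].status = SUSPENDED

    def status(self, username: str) -> str:
        return self._by_name[username].status


class HardenedAccounts(VulnerableAccounts):
    """Activation is a one-time PENDING -> ACTIVE transition; the token is
    consumed on first use, so it can never revive a suspended account."""

    def activate(self, token: str) -> bool:
        acct = self._by_token.get(token)
        if acct is None or acct.status != PENDING:
            return False                        # already active or suspended: refuse
        acct.status = ACTIVE
        acct.activation_token = None
        del self._by_token[token]               # single use
        return True


def replay_activation_link(store_cls) -> Tuple[bool, str]:
    """Register, activate, suspend, then replay the original activation link.
    Returns (whether the replay succeeded, the account status afterwards)."""
    store = store_cls()
    link = store.register("bidder")             # constructed sample user
    assert store.activate(link)                 # legitimate first use of the link
    store.suspend("bidder")                     # operator suspends the account
    replayed = store.activate(link)             # attacker re-clicks the old link
    return replayed, store.status("bidder")


def activation_is_single_use(store_cls) -> Tuple[bool, bool]:
    """Returns (result of the first activation, result of an immediate replay)."""
    store = store_cls()
    link = store.register("seller")             # constructed sample user
    return store.activate(link), store.activate(link)


if __name__ == "__main__":
    for cls in (VulnerableAccounts, HardenedAccounts):
        print(cls.__name__, replay_activation_link(cls), activation_is_single_use(cls))
```

Run stand-alone, the vulnerable store reports the replayed link as accepted and the account back to active after suspension, while the hardened store rejects it and the account stays suspended. The same check, performed against a test account on a live installation, is how an administrator can confirm whether the vendor's update has closed the issue.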
Solution / Fix
Solution:
The vendor has released an update to address this issue. Contact the vendor for details.
Administrators who cannot apply the update immediately should confirm, using a test account, that a suspended account cannot be reactivated by reusing its original activation link.