INDEXU Authentication Bypass Vulnerability
BID:2472
Info
| Bugtraq ID: | 2472 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2001 12:00AM |
| Updated: | Mar 07 2001 12:00AM |
| Credit: | Reported to bugtraq by Sp4rK <[email protected]> on Wed, 7 Mar 2001. |
| Vulnerable: | Sentraweb IndexU 2.0, Sentraweb IndexU 1.1, Sentraweb IndexU 1.0 |
| Not Vulnerable: | |
Discussion
INDEXU is a web content management system for building and administering a web "portal" site. It uses MySQL databases and a web-based admin interface.
By manipulating the cookies used by INDEXU, a remote attacker can assume admin privileges on the site running INDEXU.
This can permit modifications to the site's functionality, and possibly further compromise.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Suggested by UNDERSEC Security in an advisory:
Use .htaccess authentication to prevent users from accessing the administrator area.
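
A sketch of the .htaccess restriction suggested above, added here as an illustration and not taken from the UNDERSEC advisory or from INDEXU itself. The location of the administrator directory, the realm name, the password-file path and the user name are assumptions to be replaced with the values for your installation.

```apache
# .htaccess placed inside the INDEXU administrator directory.
# The directory location is an assumption; use the path of your install.
#
# Prerequisite: the main server configuration must permit these
# directives for this directory, e.g.
#     AllowOverride AuthConfig
# With "AllowOverride None" the file is silently ignored and the
# administrator area stays reachable without a password.

AuthType Basic
AuthName "INDEXU administration"

# Password file stored outside the document root so it cannot be
# fetched over HTTP (placeholder path). Create it once with:
#     htpasswd -c /path/outside/webroot/indexu-admin.htpasswd siteadmin
AuthUserFile /path/outside/webroot/indexu-admin.htpasswd

# Only accounts listed in the password file may reach the admin scripts.
Require valid-user
```

This places a server-enforced check in front of the admin scripts, independent of the cookies INDEXU uses. Basic authentication sends credentials encoded but not encrypted, so the administrator area should be served over HTTPS.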