Akopia Interchange Sample Files Vulnerability
BID:2499
Info
| Bugtraq ID: | 2499 |
| Class: | Origin Validation Error |
| CVE: | CVE-2001-0372 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2001 12:00AM |
| Updated: | Jul 11 2009 06:06AM |
| Credit: | Reported to the Interchange-Users mailing list by Jud Harris on Wednesday March 21 2001. |
| Vulnerable: | Akopia Interchange 4.6.3, Akopia Interchange 4.5.3 |
| Not Vulnerable: | |
Discussion
Akopia Interchange, an E-commerce server, ships with sample E-commerce 'stores' (catalogs) that demonstrate the functionality of the software.
The sample catalogs contain a configuration error in their administrative access list, products/access.asc: the administrative user ':backup' is defined with an empty password field, so the web-based administration interface accepts a login as that user from any remote client without a valid password. Through this interface a malicious user can read or change customer data, product items and order information.
The same entry is present in the catalog templates in the Interchange software directory, so catalogs created from those templates inherit the problem.
Exploit / POC
Log in to a vulnerable catalog's web-based administration interface with the userid ":backup". Its entry in products/access.asc has an empty password field, so the login succeeds without a valid password.
Solution / Fix
Solution:
In all installed catalog directories, as well as the catalog templates in
the Interchange software directory, edit the products/access.asc file and
lock the ':backup' entry by putting '*' in its (tab-separated) password
field. Change this line:
:backup<tab><tab>Backup
to look like this:
:backup<tab>*<tab>Backup
Check every catalog, not only the ones that were visibly created from the
sample stores; any catalog copied from an unpatched template carries the
same line.
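The audit a practitioner wants after reading the fix above is a way to find every access.asc entry whose password field is empty and lock it, rather than editing each catalog by hand. The script below is an added example, not code from the advisory or from Interchange itself. It assumes only what the before/after lines on this page imply: access.asc is tab-separated and the second field is the password. The sample data embedded in it is constructed, and any extra columns, comments or header row a real file carries are passed through unchanged.

```python
"""Audit Interchange catalog access.asc files for user entries whose
password field is empty (the misconfiguration behind BID 2499) and lock
them the way the advisory's fix does, by putting '*' in that field.

Added example, not code from the advisory or from Interchange itself.
Assumption: access.asc is tab-separated and the second field is the
password, as the advisory's before/after lines imply; other columns,
comment lines and any header row a real file carries pass through as-is.
"""
import os
import sys
from typing import Iterator, List, Optional, Tuple

LOCKED = "*"  # the advisory's fix: a password field no login can match


def _entry_fields(line: str) -> Optional[List[str]]:
    """Split one access.asc line; None for blank, comment or non-entry lines."""
    if not line.strip() or line.startswith("#"):
        return None
    fields = line.split("\t")
    if len(fields) < 2 or not fields[0]:
        return None  # no password column, or no user ID: not an entry
    return fields


def open_logins(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, user_id) for every entry with an empty password."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = _entry_fields(line)
        if fields is not None and fields[1] == "":
            hits.append((lineno, fields[0]))
    return hits


def lock_open_logins(text: str) -> Tuple[str, List[str]]:
    """Return (fixed_text, locked_user_ids): empty password fields set to LOCKED."""
    out, locked = [], []
    for line in text.splitlines():
        fields = _entry_fields(line)
        if fields is not None and fields[1] == "":
            fields[1] = LOCKED
            locked.append(fields[0])
            line = "\t".join(fields)
        out.append(line)
    fixed = "\n".join(out) + ("\n" if text.endswith("\n") else "")
    return fixed, locked


def iter_access_files(root: str) -> Iterator[str]:
    """Yield every products/access.asc below root (catalogs and templates alike)."""
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "products" and "access.asc" in files:
            yield os.path.join(dirpath, "access.asc")


# Constructed sample modelled on the advisory's ':backup<tab><tab>Backup' line.
# 'admin' / 'secret' are placeholders, not a real Interchange credential format.
SAMPLE = (
    "admin\tsecret\tAdministrator\n"
    ":backup\t\tBackup\n"
    "staff\t\tStaff\n"
)


def main(argv: List[str]) -> int:
    """Usage: audit_access.py [--fix] ROOT...   (no arguments: audit SAMPLE)."""
    fix = "--fix" in argv
    roots = [a for a in argv if a != "--fix"]
    if not roots:
        for lineno, user in open_logins(SAMPLE):
            print(f"<sample>:{lineno}: open login for {user!r}")
        return 0
    found = 0
    for root in roots:
        for path in iter_access_files(root):
            with open(path, encoding="utf-8") as fh:
                text = fh.read()
            for lineno, user in open_logins(text):
                found += 1
                print(f"{path}:{lineno}: open login for {user!r}")
            if fix:
                fixed, locked = lock_open_logins(text)
                if locked:
                    with open(path, "w", encoding="utf-8") as fh:
                        fh.write(fixed)
                    print(f"{path}: locked {', '.join(locked)}")
    return 1 if found and not fix else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against both the installed catalog root and the Interchange software directory (the templates live there), first without `--fix` to see what it would change; a non-zero exit then means at least one open login was found. The '*' value follows the advisory's fix; the script deliberately locks rather than deletes the entry so that nothing else referencing ':backup' breaks.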
References
References:
- [ic] open login warning (?) (Jud Harris)
- Akopia Interchange product page (Akopia)