Geo++ GNCASTER HTTP Digest Authentication Bypass Vulnerability
BID:40018
Info
| Bugtraq ID: | 40018 |
| Class: | Design Error |
| CVE: | CVE-2010-0550 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2010 12:00AM |
| Updated: | Jan 27 2010 12:00AM |
| Credit: | RedTeam Pentesting GmbH |
| Vulnerable: | Geo++ GNCASTER 1.4.0.7 |
| Not Vulnerable: | Geo++ GNCASTER 1.4.0.8 |
Discussion
Geo++ GNCASTER is prone to an authentication-bypass vulnerability because it fails to properly enforce HTTP Digest Authentication.
Successful exploits may allow attackers to bypass security restrictions and gain unauthorized access; other attacks may also be possible.
Geo++ GNCASTER 1.4.0.7 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can carry out this attack using readily available network utilities.
Solution / Fix
Vendor updates are available. Please contact the vendor for more information.
References
- [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authenti (RedTeam Pentesting GmbH)
- Geo++ GNCASTER Homepage (Geo++)