Geo++ GNCASTER HTTP Digest Authentication Information Disclosure Vulnerability
BID:40025
Info
Geo++ GNCASTER HTTP Digest Authentication Information Disclosure Vulnerability
| Bugtraq ID: | 40025 |
| Class: | Design Error |
| CVE: |
CVE-2010-0551 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2010 12:00AM |
| Updated: | Jan 27 2010 12:00AM |
| Credit: | RedTeam Pentesting GmbH |
| Vulnerable: |
Geo++ GNCASTER 1.4.0.7 |
| Not Vulnerable: |
Geo++ GNCASTER 1.4.0.8 |
Discussion
Geo++ GNCASTER HTTP Digest Authentication Information Disclosure Vulnerability
Geo++ GNCASTER is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to gain access to potentially sensitive information on the vulnerable server; other attacks may also be possible.
Geo++ GNCASTER 1.4.0.7 is vulnerable; other versions may also be affected.
Geo++ GNCASTER is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to gain access to potentially sensitive information on the vulnerable server; other attacks may also be possible.
Geo++ GNCASTER 1.4.0.7 is vulnerable; other versions may also be affected.
Exploit / POC
Geo++ GNCASTER HTTP Digest Authentication Information Disclosure Vulnerability
An attacker can carry out this attack using readily available network utilities.
An attacker can carry out this attack using readily available network utilities.
Solution / Fix
Geo++ GNCASTER HTTP Digest Authentication Information Disclosure Vulnerability
Solution:
Vendor updates are available. Please contact the vendor for more information.
Solution:
Vendor updates are available. Please contact the vendor for more information.
References
Geo++ GNCASTER HTTP Digest Authentication Information Disclosure Vulnerability
References:
References:
- [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authenti (RedTeam Pentesting GmbH)
- Geo++ GNCASTER Homepage (Geo++)