Message-ID: <Pine.LNX.4.44.0312161901150.4618-100000@localhost.localdomain>
Date: Tue, 16 Dec 2003 19:09:46 -0400 (VET)
From: Noticias <noticias@...entechsecurity.com>
To: bugtraq@...urityfocus.com
Subject: WebArtFactory CMS Vulnerability

Quick Summary:
************************************************************************
Product                 : WebArtFactory CMS.
Version                 : Several older versions still in production.
Vendor                  : WebArtFactory - http://www.webartfactory.com
Class                   : Remote
Criticality             : High
Operating System(s)     : N/A.

Synopsis
************************************************************************
From the WebArtFactory webpage:
"We are a web page and multimedia development company, made up of
a group of young Venezuelans, who place at your disposal the highest
level of professionalism and creativity, ready to achieve the success
of your company and/or product through the use of the most up-to-date
technological tools."

WebArtFactory CMS is a very popular Content Management System
among high-profile Venezuelan web sites:
http://www.webartfactory.com/ns/portafolio.asp


Notice
************************************************************************
The widely deployed WebArtFactory CMS suffers from a vulnerability
in the authentication mechanism of its management subsystem.
Because of the high-profile websites that use this CMS, Scientech
de Venezuela has decided to release this advisory along with
some urgent recommendations. For the same reason, no specific details
about this vulnerability will be made public at this time.


Vendor Status
************************************************************************
Scientech de Venezuela has contacted WebArtFactory, who have acknowledged
the problem and are working on patches for the older versions of the software.


Basic Explanation
************************************************************************
Incorrect handling of authentication credentials in the management
subsystem allows unauthorized access to all management webpages.
During routine tests, Scientech de Venezuela determined that it is
possible to gain full administrative control of a site, in a hostile
manner, using only publicly available information. Workaround
measures should be taken immediately while waiting for vendor patches.


Proof Of Concept Status
************************************************************************
No proof of concept will be released until a patch is available from the vendor.


Work Around
************************************************************************
Remove all of the CMS management webpages from the server. The site
will then have to be edited offline and new versions uploaded.

Alternatively, place an additional authentication layer in front of the
management webpages (client certificates, web-server-based authentication
mechanisms, etc.). Because the flaw lies in the CMS's own credential
check, this layer must be enforced by the web server, independently of
the CMS code, and must cover every management page and script, not just
the login form.
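
As an added illustration of the second workaround (this is not part of the
original advisory, and not WebArtFactory's or Scientech's configuration),
the following Apache httpd fragment puts web-server-enforced authentication
in front of a management directory, independent of whatever checks the CMS
pages themselves perform. It assumes the management pages live under a
single path, /admin/, that the site is fronted by Apache httpd 2.4 with
mod_ssl and mod_auth_basic, and that the certificate, key and password file
paths shown exist; the advisory names neither the path nor the web server,
and a site running the CMS's ASP pages on IIS would apply the equivalent
settings through the IIS directory security configuration instead.

```apache
# Before: the management directory relies solely on the CMS's own
# credential check (the mechanism this advisory reports as broken).
<Location "/admin/">
    # no web-server-level authentication
</Location>

# After: require a client certificate AND a web-server password before
# any request under /admin/ reaches the CMS scripts.  Path, realm, file
# locations and CA are assumptions made for this example.
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
    # CA that issued the administrators' client certificates
    SSLCACertificateFile  /etc/ssl/certs/management-ca.crt

    <Location "/admin/">
        # Client-certificate check performed by the server, not by CMS code
        SSLVerifyClient require
        SSLVerifyDepth  1

        # HTTP Basic auth over TLS as a second, independent check
        AuthType Basic
        AuthName "CMS management"
        AuthUserFile /etc/apache2/cms-admin.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

# Refuse the management path on the plaintext port so the extra layer
# cannot be bypassed by requesting the same pages over HTTP.
<VirtualHost *:80>
    <Location "/admin/">
        Require all denied
    </Location>
</VirtualHost>
```

Create the password file with `htpasswd -c /etc/apache2/cms-admin.htpasswd
<user>`, then confirm from an unauthenticated client that every management
URL, including the server-side scripts the management pages call, returns
401 or 403 before the CMS is reachable. If the CMS spreads its management
scripts across several directories, add a `<Location>` block for each one;
a single uncovered script defeats the workaround.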

Corrective Measures
************************************************************************
Correct the checking of authentication credentials in all management
webpages.


Credits
************************************************************************
This vulnerability was discovered by Jose Torres and Ruben Recabarren
at Scientech's Security Research Laboratory.


Disclaimer
----------------------------------------------------------------------
This advisory was released by Scientech de Venezuela as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract. Contact our sales 
department at info@...entechsecurity.com for further information on how 
to obtain proof of concept code.

----------------------------------------------------------------------
Scientech de Venezuela. http://www.scientechsecurity.com


