lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200603162359.k2GNxkC3094115@smtp-vbr4.xs4all.nl>
Date: Fri, 17 Mar 2006 00:59:51 +0100
From: "Dimitri" <d.vd.giessen@...all.nl>
To: <bugtraq@...urityfocus.com>
Cc: <vuldb@...urityfocus.com>
Subject: Microsoft Commerce Server 2002: Logon as known user with a false password


Microsoft Commerce Server 2002: 
Logon as known user with a false password

 
Vulnerable:

Microsoft
Windows Server 2000/2003
+ Internet Information Server 5/6
+ Commerce Server 2002


Discussion:

Microsoft Commerce Server is used by company's who want to give customers
the opportunity to change there own details on the internet or buying
products.
Company's who use it are: eCommerce site's or interactive company's

The problem lays in the sample files of "authfiles". If you make your own
Solution site in Commerce Server and the "authfiles" are installed on your
server, you're vulnerable for positive user logon's using false passwords.

If you know a user (some site's uses a e-mail address) and you go to
http://site/authfiles/login.asp (some site's has it in an other directory)
and you enter the Username and a false password you get a error. 

After the error's you go with the same browser to the directory root of the
site http://site/ You get an other error and if you go again to the site and
you are logon as the entered user.

 
Vendor Response time:

31-03-2003 - First contact
26-08-2003 - Fixed in SP2


Status:

Fixed by Microsoft

Download & Install Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=58e6d658-cc3e-4846-
8ef7-264e6eeb4c1e
 
-- Quote Readme.htm --

A fix for a security issue reported by Dimitri van de Giessen

-- End Quote Readme.htm --

Also they already made a warning before Service Pack 2 came:
http://msdn.microsoft.com/library/en-us/csvr2002/htm/cs_se_securityconcepts_
cbgw.asp?frame=true#cs_se_securecode_viuy

-- Quote Microsoft --

Solution Sites AuthFiles Folder: Remove Directory

The Solution Sites include a folder called AuthFiles. You can use the files
in this folder if you want to integrate AuthFilter into your site. 

If you do not want to use AuthFilter, you must remove the AuthFiles
directory or remove the permissions from the directory. If you do not, your
site will be a security risk.

-- End Quote Microsoft --.


Contact:

Dimitri van de Giessen
E-mail  d.vd.giessen@...all.nl
Tel. number: +31622607367 (The Netherlands)




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ