Message-ID: <405cf7f40605171536s68e7e39ch51848a6fc102f622@mail.gmail.com>
Date: Thu, 18 May 2006 00:36:57 +0200
From: "David Maciejak" <david.maciejak@...il.com>
To: "Kenneth F. Belva" <ken@...security.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: What's Up Professional Spoofing Authentication Bypass
I should have detected this!
Find enclosed a NASL file to use with the Nessus scanner.
david
> What's Up Professional 2006 is vulnerable to a spoofing attack whereby
> the attacker can trick the application into thinking he/she is making a
> request from the console (which is considered trusted). This attack will
> allow the attacker to bypass the authentication mechanism of the
> application and login without credentials.
>
> The application believes that if it is passed the following headers in
> an HTTP request, then it is a trusted request:
> User-Agent: Ipswitch/1.0
> User-Application: NmConsole
>
> These headers can be easily spoofed. An easy way to accomplish the spoof
> is to use a webproxy such as webscarab (see owasp.org).
>
> I have put a more detailed text file here:
> http://www.ftusecurity.com/pub/whatsup.public.pdf
>
> I contacted IPSwitch. They said the issue would be fixed in the next
> release. I followed up twice to find a status and did not receive a reply.
>
> Since the release of some What's Up Professional vulnerabilities
> recently -- see: http://www.securityfocus.com/archive/1/433808 -- I
> decided to release this information. I've been burned in the past by
> reporting vulnerabilities responsibly to vendors, someone else
> irresponsibly discloses the issue publicly before the fix is released
> and the company does not credit me with the initial report.
>
> Sincerely,
> Kenneth F. Belva, CISSP
> http://www.ftusecurity.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Download attachment "ipswitch_auth_bypass.nasl" of type "application/octet-stream" (2340 bytes)
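
Added example, not part of the original posts or of the attached NASL file: the header-only trust decision described in the advisory beside a hardened form, plus a check that flags requests claiming console identity from a remote peer. The function names, the record layout and the loopback-or-session rule are assumptions made for illustration; the sample records are constructed.

```python
import ipaddress

# Header values the advisory names as marking a "console" request.
CONSOLE_HEADERS = {"user-agent": "Ipswitch/1.0", "user-application": "NmConsole"}


def claims_console(headers):
    """True when the request carries both header values from the advisory."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    return all(h.get(k) == v for k, v in CONSOLE_HEADERS.items())


def trusted_by_headers(headers):
    """Flawed pattern from the advisory: client-supplied headers alone grant trust."""
    return claims_console(headers)


def trusted_hardened(peer_ip, session_authenticated):
    """Assumed fix: headers never grant trust; only a valid session or a
    loopback socket peer does. peer_ip must come from the connection itself."""
    return session_authenticated or ipaddress.ip_address(peer_ip).is_loopback


def flag_spoof_candidates(records):
    """Records that claim console identity but fail the hardened check."""
    return [r for r in records
            if claims_console(r["headers"])
            and not trusted_hardened(r["peer_ip"], r["authenticated"])]


# Constructed sample records (documentation address ranges, hypothetical layout).
SAMPLE = [
    {"peer_ip": "127.0.0.1", "authenticated": False,
     "headers": {"User-Agent": "Ipswitch/1.0", "User-Application": "NmConsole"}},
    {"peer_ip": "203.0.113.7", "authenticated": False,
     "headers": {"user-agent": "Ipswitch/1.0", "USER-APPLICATION": "NmConsole"}},
    {"peer_ip": "198.51.100.4", "authenticated": True,
     "headers": {"User-Agent": "Mozilla/5.0"}},
]

if __name__ == "__main__":
    for rec in flag_spoof_candidates(SAMPLE):
        print("console headers from non-console peer:", rec["peer_ip"])
```

The detection half only works where the full request headers are logged, since the User-Application header does not appear in common access-log formats.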