lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3ECCF6D2.464.240A5C7C@localhost>
From: labs at idefense.com (iDEFENSE Labs)
Subject: iDEFENSE Security Advisory 05.22.03: Authentication Bypass in iisPROTECT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 05.22.03:
http://www.idefense.com/advisory/05.22.03.txt
Authentication Bypass in iisPROTECT
May 22, 2003

I. BACKGROUND

iisPROTECT is designed to provide password protection to web
directories similar to the htaccess method utilized by the Apache
Software Foundation's HTTP web server.  More information about
iisPROTECT is available at http://www.iisprotect.com .

II. DESCRIPTION

Upon successful installation and implementation of iisPROTECT, users
will be presented with a login and password dialog box when
attempting to access files contained in a protected directory.
Consider the following example:

http://iisprotected.example.com/protected/secret.html

An attacker can bypass this authentication by simply requesting the
same file through different URL-encoded representations. Examples of
these include but are not limited to:

http://iisprotected.example.com/%70rotected/secret.html
http://iisprotected.example.com/protected%2fsecret.html

III. ANALYSIS

Any remote attacker can exploit the above-described vulnerability to
bypass the access control restrictions imposed by iisPROTECT, thereby
exposing potentially sensitive files and information.

IV. DETECTION

iisPROTECT 2.1 and 2.2 are vulnerable. Previous versions may be
vulnerable as well.

V. VENDOR FIX/RESPONSE

iisPROTECT has released version 2.2.0.9 to fix this vulnerability.
The latest version is available at www.iisprotect.com .

VI. CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
has assigned the identification number CAN-2003-0317 to this issue.

VII. DISCLOSURE TIMELINE

12/31/2002  Issue disclosed to iDEFENSE
04/16/2003  E-mail sent to info@...protect.com
04/16/2003  Response received from David Fearn of iisPROTECT
04/16/2003  Patch provided to iDEFENSE for verification
05/22/2003  Coordinated public disclosure


Get paid for security research
http://www.idefense.com/contributor.html

Subscribe to iDEFENSE Advisories:
send email to listserv@...fense.com, subject line: "subscribe"


About iDEFENSE:

iDEFENSE is a global security intelligence company that proactively
monitors sources throughout the world — from technical
vulnerabilities and hacker profiling to the global spread of viruses
and other malicious code. Our security intelligence services provide 
decision-makers, frontline security professionals and network 
administrators with timely access to actionable intelligence and
decision support on cyber-related threats. For more information,
visit http://www.idefense.com .

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPs0sI/rkky7kqW5PEQJ11gCdHgUEgy8TT+Lr/t/tef6BYG4FisQAnR4k
pNS6K6Zfcoq+2VAn0Tezj/rC
=pkHC
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ