| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed May 17 15:17:50 2006 From: ken at ftusecurity.com (Kenneth F. Belva) Subject: What's Up Professional Spoofing Authentication Bypass What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials. The application believes that if it is passed the following headers in an HTTP request, then it is a trusted request: User-Agent: Ipswitch/1.0 User-Application: NmConsole These headers can be easily spoofed. An easy way to accomplish the spoof is to use a webproxy such as webscarab (see owasp.org). I have put a more detailed text file here: http://www.ftusecurity.com/pub/whatsup.public.pdf I contacted IPSwitch. They said the issue would be fixed in the next release. I followed up twice to find a status and did not receive a reply. Since the release of some What's Up Professional vulnerabilities recently -- see: http://www.securityfocus.com/archive/1/433808 -- I decided to release this information. I've been burned in the past by reporting vulnerabilities responsibly to vendors, someone else irresponsibly discloses the issue publicly before the fix is released and the company does not credit me with the initial report. Sincerely, Kenneth F. Belva, CISSP http://www.ftusecurity.com
Powered by blists - more mailing lists