lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed May 17 23:37:09 2006
From: david.maciejak at gmail.com (David Maciejak)
Subject: What's Up Professional Spoofing Authentication
	Bypass

I should have detect this!
Find enclosed an nasl file to use with nessus scanner.

david


> What's Up Professional 2006 is vulnerable to a spoofing attack whereby
> the attacker can trick the application into thinking he/she is making a
> request from the console (which is considered trusted). This attack will
> allow the attacker to bypass the authentication mechanism of the
> application and login without credentials.
>
> The application believes that if it is passed the following headers in
> an HTTP request, then it is a trusted request:
> User-Agent: Ipswitch/1.0
> User-Application: NmConsole
>
> These headers can be easily spoofed. An easy way to accomplish the spoof
> is to use a webproxy such as webscarab (see owasp.org).
>
> I have put a more detailed text file here:
> http://www.ftusecurity.com/pub/whatsup.public.pdf
>
> I contacted IPSwitch. They said the issue would be fixed in the next
> release. I followed up twice to find a status and did not receive a reply.
>
> Since the release of some What's Up Professional vulnerabilities
> recently -- see: http://www.securityfocus.com/archive/1/433808 -- I
> decided to release this information. I've been burned in the past by
> reporting vulnerabilities responsibly to vendors, someone else
> irresponsibly discloses the issue publicly before the fix is released
> and the company does not credit me with the initial report.
>
> Sincerely,
> Kenneth F. Belva, CISSP
> http://www.ftusecurity.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipswitch_auth_bypass.nasl
Type: application/octet-stream
Size: 2340 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060518/509bcd52/ipswitch_auth_bypass.obj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ