| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH5XVwucaR8J4XCKhFbdQ1MvxYADdTEdJmMoVNo2Mvii_wjH5A@mail.gmail.com> Date: Thu, 18 Jun 2015 12:24:43 -0400 From: Brian Hysell <bdhysell@...il.com> To: fulldisclosure@...lists.org Subject: [FD] CVE-2015-4453 - Authentication bypass in OpenEMR Title: Authentication bypass in OpenEMR CVE Reference: CVE-2015-4453 Product: OpenEMR Vendor: http://www.open-emr.org/ Tested versions: 4.2.0 and 4.2.0 patch 1 Affected versions: 2.8.3 to 4.2.0 patch 1 Status: Fixed by vendor Reported by: Brian D. Hysell Details: A bug in OpenEMR's implementation of "fake register_globals" in interface/globals.php allows an attacker to bypass authentication by sending ignoreAuth=1 as a GET or POST request parameter. Impact: An attacker can access sensitive information without a password in parts of the application that do not disable the fake register_globals functionality, do not rely on session data initialized during the login process, and are not governed by access control lists. Notably, this includes interface/fax/fax_dispatch_newpid.php and interface/billing/sl_eob_search.php, which contain unpatched SQL injection vulnerabilities (see CVE-2014-5462). Remediation: Apply vendor's latest patch. Timeline: Vendor contacted: May 4, 2015 Vendor replied: May 4 CVE requested: May 6 Patch released: May 9 CVE assigned: June 9 Announced: June 18 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists