| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANoQWWfC6CYn8QWqmBY_U0jv1wojMD+N7B0h0aVsQxyQ_kaw8A@mail.gmail.com>
Date: Mon, 26 Nov 2018 10:00:47 +0100
From: Rafael Pedrero <rafael.pedrero@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2018-19505 - Impersonation may lead to incorrect user
context in Remedy AR System Server in BMC Remedy 7.1
<!--
# Exploit Title: Impersonation may lead to incorrect user context in Remedy
AR System Server in BMC Remedy 7.1
# Date: 23-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.bmc.com/
# Software Link: http://www.bmc.com/
# Version: Impersonation may lead to incorrect user context in Remedy AR
System Server in BMC Remedy 7.1
# Tested on: all
# CVE : 1CVE-2018-19505
# Category: webapps
1. Description
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user
context in certain impersonation scenarios, which can allow a user to act
with the identity of a different user.
2. Proof of Concept
Impersonation may lead to incorrect user context in Remedy AR System Server
in BMC Remedy 7.1.
Go to WorkOrderConsole:
In Request:
/WOI:WorkOrderConsole/Default+User+View+(Support)/userdata.js?winname=SERVERWOIWOI+WORKOrderConsole12345643244
(last values can change)
In response change the user value in function
UserData_Init(){ARKWSetup(2,"USERNAME_TO_CHANGE","....more values).
3. Solution:
Update to the latests version Remedy AR System Server in BMC Remedy 8.1.
-->
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists