| Novell GroupWise WebAccess Lets Remote Users Bypass Authentication to Gain Limited Access |
|---|
Category: Vulnerability Posted: 2005-01-19 by ReCall
| Details |
|---|
Description: Two vulnerabilities were reported in Novell GroupWise WebAccess. A remote user can bypass the authentication mechanism.
Marc Ruef reported that a remote user can load a URL that specifies an alternate error document to gain limited access to the system. A demonstration exploit URL is provided:
https://[target]:1444/servlet/webacc?error=webacc
This method grants access but without a profile.
The remote user can then determine the version number of the GroupWise installation by clicking the WebAccess logo.
The remote user can also inject HTML, because the username from that user's last login attempt is displayed on the Userid line.
The vendor was notified on December 14, 2004.
The original advisories are available at:
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1020
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1021
Impact: A remote user can gain limited access to the application.
Solution: No solution was available at the time of this entry.
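Detection: With no fix available, web server access logs can be reviewed for the request pattern described above. The following is an added example, not part of the original advisory or of any Novell tooling. It assumes Common Log Format access logs, treats any client-supplied `error` parameter on `/servlet/webacc` as worth review, and uses constructed log lines with a hypothetical parameter name `a`.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format: client IP first, request line in double quotes.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
SERVLET_PATH = "/servlet/webacc"  # path from the advisory's demonstration URL

def review_line(line):
    """Return the reasons a log line deserves review (empty list if none)."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path.rstrip("/").lower() != SERVLET_PATH:
        return []
    # parse_qs URL-decodes values, so %3C / %3E are seen as < and >.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    # Assumption: clients have no legitimate reason to choose the error document.
    if any(name.lower() == "error" for name in params):
        reasons.append("client-supplied error document")
    if any("<" in v or ">" in v for values in params.values() for v in values):
        reasons.append("markup in query value")
    return reasons

def scan(lines):
    """Yield (client_ip, request_target, reasons) for each flagged line."""
    for line in lines:
        reasons = review_line(line)
        if reasons:
            m = REQUEST_RE.match(line)
            yield m.group("ip"), m.group("target"), reasons

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jan/2005:10:00:01 +0000] "GET /servlet/webacc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Jan/2005:10:02:13 +0000] "GET /servlet/webacc?error=webacc HTTP/1.1" 200 7340',
    '198.51.100.7 - - [19/Jan/2005:10:02:40 +0000] "GET /servlet/webacc?a=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 4100',
    '203.0.113.5 - - [19/Jan/2005:10:03:00 +0000] "GET /index.html?error=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, target, reasons in scan(SAMPLE_LOG):
        print(f"{ip} {target}: {', '.join(reasons)}")
```

Access logs normally record only the query string, so values submitted in a POST body (such as a login form's user ID field) are not visible to this check.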