首页 / 操作系统 / Linux / CA 2E Web Option 8.1.2身份验证绕过漏洞
发布日期:2014-01-10 更新日期:2014-02-15受影响系统: CA CA 2E Web Option 8.1.2 描述: -------------------------------------------------------------------------------- CVE(CAN) ID: CVE-2014-1219CA 2E Web Option是CA 2E应用Web接口开发工具。CA 2E Web Option (r8.1.2)生成会议令牌的方式可以预测,在实现上存在安全漏洞,这可使远程攻击者绕过身份验证机制。<*来源:vendor *>测试方法: --------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!CA 2E Web Option 8.1.2 - Authentication Bypass EDB-ID: 31647 CVE: 2014-1219 OSVDB-ID: 103236 Author: Mike Emery Published: 2014-02-13 Verified: Not Verified Exploit Code: Download Vulnerable App: N/A Rating Overall:Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web OptionCVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike EmeryDetails:CA 2E Web Option (r8.1.2) and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token. The POST parameter session token W2E_SSNID appears as follows:W2E_SSNID=3DW90NIxGoSsN1023ZYW2E735182000013CLSpKfgkCJSLKsc600061JKenjKnE JuNX9GoVjCEbqIuKh6kFRvbzYnUxgQtONszJldyAar3LtTSwsmBLpdlPc5iDH4Zf75 However, this token is poorly validated, leading toW2E_SSNID=3DW90NIxGoSsN1023ZYW2E735182000013being accepted as a valid session. By incrementing and decrementing the digits at the end of the value given above, it is possible to control the session at the given ID. This token is sent as part of the login page, and as such, can be manipulated by an unauthenticated attacker, giving them access to any valid session. Consequentially, it is possible to access the following page as such:https://app.domain.co.uk/web2edoc/close.htm?SSNID=3DW90NIxGoSsN1023ZYW2E735182000026Ending the session specified, which could lead to a denial of service condition.Further details at: http://portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/ Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user"s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.建议: -------------------------------------------------------------------------------- 厂商补丁:CA -- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.ca.com/us/~/media/files/productbriefs/cs3003-ca-2e-web-option.aspxNetGear N300 DGN2200多个安全漏洞Xen "xc_cpupool_getinfo()"函数释放后重用内存破坏漏洞相关资讯 CA 2E Web Option 本文评论 查看全部评论 (0)
易网时代-编程资源站