Lucene search
Mike EmeryEXPLOITPACK:ED7AC4598E8CF5A0BC491E19D67AECCFHistoryFeb 13, 2014 - 12:00 a.m.
CA 2E Web Option 8.1.2 - Authentication Bypass
2014-02-1300:00:00
Mike Emery
23
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
CA 2E Web Option 8.1.2 - Authentication Bypass
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option
CVE: CVE-2014-1219
Vendor: CA
Product: 2E Web Option
Affected version: 8.1.2
Fixed version: N/A
Reported by: Mike Emery
Details:
CA 2E Web Option (r8.1.2) and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token.
The POST parameter session token W2E_SSNID appears as follows:
W2E_SSNID=W90NIxGoSsN1023ZYW2E735182000013CLSpKfgkCJSLKsc600061JKenjKnE
JuNX9GoVjCEbqIuKh6kFRvbzYnUxgQtONszJldyAar3LtTSwsmBLpdlPc5iDH4Zf75
However, this token is poorly validated, leading to
W2E_SSNID=W90NIxGoSsN1023ZYW2E735182000013
being accepted as a valid session. By incrementing and
decrementing the digits at the end of the value given above, it is
possible to control the session at the given ID. This token is sent as
part of the login page, and as such, can be manipulated by an
unauthenticated attacker, giving them access to any valid session.
Consequentially, it is possible to access the following page as such:
https://app.domain.co.uk/web2edoc/close.htm?SSNID=W90NIxGoSsN1023ZYW2E735182000026
Ending the session specified, which could lead to a denial of service condition.
Further details at:
http://portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.Related
prion
prion
Code injection
2014-02-14 13:10:00
seebug
seebug
CA 2E Web Option 8.1.2 - Authentication Bypass
2014-07-01 00:00:00
CA 2E Web Option 8.1.2θΊ«δ»½ιͺθ―η»θΏζΌζ΄
2014-02-17 00:00:00
zdt
zdt
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability
2014-02-13 00:00:00
packetstorm
packetstorm
CA 2E Web Option 8.1.2 Privilege Escalation / Denial Of Service
2014-02-13 00:00:00
securityvulns
securityvulns
CA20140218-01: Security Notice for CA 2E Web Option
2014-04-01 00:00:00
CA 2E Web Option session spooging
2014-04-01 00:00:00
cvelist
cvelist
CVE-2014-1219
2014-02-13 22:00:00
cve
cve
CVE-2014-1219
2014-02-14 13:10:00
exploitdb
exploitdb
CA 2E Web Option 8.1.2 - Authentication Bypass
2014-02-13 00:00:00
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related for EXPLOITPACK:ED7AC4598E8CF5A0BC491E19D67AECCF