mod_pubcookie -- Empty Authentication Security Advisory

2006-10-04T00:00:00
ID 1CA8228F-858D-11E0-A76C-000743057CA2
Type freebsd
Reporter FreeBSD
Modified 2006-10-04T00:00:00

Description

Nathan Dors, Pubcookie Project reports:

An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web content and applications may result where access is restricted to users who can authenticate successfully but where no additional authorization is performed after authentication.