mod_pubcookie -- Empty Authentication Security Advisory

ID 1CA8228F-858D-11E0-A76C-000743057CA2
Type freebsd
Reporter FreeBSD
Modified 2006-10-04T00:00:00


Nathan Dors, Pubcookie Project reports:

An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web content and applications may result where access is restricted to users who can authenticate successfully but where no additional authorization is performed after authentication.