JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass

2010-04-19T00:00:00
ID JVN:87730223
Type jvn
Reporter Japan Vulnerability Notes
Modified 2010-04-21T00:00:00

Description

## Description

Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.

## Impact

A remote attacker may view or modify information stored by the product.

## Solution

Apply IP address restriction
Using one of the following methods, restrict access only to mobile device IP addresses:

  • Apply the restriction settings on the server in which the product is installed
  • Use "Cybozu Remote Service" available from the developer Update the Software
    Update to the latest version according to the information provided by the developer.

## Products Affected

  • Cybozu (R) Office 7 Ktai
  • Cybozu (R) .(dot) sales