Sayeon FlexWATCH Double-Slash Authentication Bypass

2003-10-26T10:33:40
ID OSVDB:2842
Type osvdb
Reporter OSVDB
Modified 2003-10-26T10:33:40

Description

Vulnerability Description

FlexWATCH Network Video Server contains a flaw that may allow a malicious user to bypass authentication and gain access to the embedded web server. The issue is triggered when two forward-slash characters are used when accessing the administrative webpage. The flaw may allow an unauthorized user to reconfigure the server, manage user accounts, and view the video feeds.

Solution Description

The vendor has released firmware version 2.2 to fix this particular vulnerability; however, another method of bypassing authentication was discovered almost immediately afterwards. As of this writing (January 3rd, 2004), no patch is available from the vendor that adequately protects this server. If the security of this system is critical, it should be placed behind a packet filter or firewall.

Manual Testing Notes

http://[victim]//admin/aindex.htm
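
For a unit that cannot be patched, requests of this shape can be flagged in the access logs of a proxy or filter placed in front of it. The following is an added example, not part of the original advisory: it flags any request that reaches a protected path only after normalization, which generalizes beyond the double slash. The Common Log Format, the sample lines and the `/admin` prefix are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = ("/admin",)  # assumption: admin pages live under /admin/, as in the test URL

CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Oct/2003:10:01:02 +0000] "GET /admin/aindex.htm HTTP/1.0" 401 0
198.51.100.7 - - [26/Oct/2003:10:01:09 +0000] "GET //admin/aindex.htm HTTP/1.0" 200 5120
192.0.2.10 - - [26/Oct/2003:10:02:00 +0000] "GET /index.htm HTTP/1.0" 200 900
192.0.2.10 - - [26/Oct/2003:10:02:05 +0000] "GET //index.htm HTTP/1.0" 200 900
""".splitlines()


def canonical_path(target):
    """Return (raw_path, canonical_path) for an origin-form request target."""
    raw = target.split("?", 1)[0].split("#", 1)[0]
    collapsed = re.sub(r"/{2,}", "/", unquote(raw))  # '//admin' -> '/admin'
    canon = posixpath.normpath(collapsed)            # resolve '.' and '..'
    if collapsed.endswith("/") and canon != "/":
        canon += "/"                                 # normpath drops the trailing slash
    return raw, canon


def is_protected(path):
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)


def find_noncanonical_admin_requests(lines):
    """Flag requests that reach a protected path only after normalization."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        raw, canon = canonical_path(m["target"])
        if raw != canon and is_protected(canon):
            hits.append((m["src"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for src, target, status in find_noncanonical_admin_requests(SAMPLE_LOG):
        print(f"{src} requested {target} (status {status})")
```

A flagged request answered with a success status, where the canonical path returns 401 without credentials, deserves priority review.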

References:

Vendor URL: http://www.flexwatch.com/products/fw_nvs.asp
Secunia Advisory ID: 10132
ISS X-Force ID: 13567
Generic Informational URL: http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt
Generic Informational URL: http://www.securitytracker.com/alerts/2003/Oct/1008049.html
Bugtraq ID: 8942