WorkforceROI Xpede Arbitrary Timesheet Display

2002-04-19T00:00:00
ID OSVDB:4242
Type osvdb
Reporter OSVDB
Modified 2002-04-19T00:00:00

Description

Vulnerability Description

XPede does not prompt non-administrative users for administrative authentication credentials when they attempt to access an administrative script. The flaw may allow unauthorized access to the administrative facilities, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The following workaround may help to mitigate it: use NTLM1 authentication and place restrictive permissions on the directory containing the administrative scripts.

References:

Related OSVDB ID: 4241
Related OSVDB ID: 4240
Related OSVDB ID: 4238
Related OSVDB ID: 4239
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Keyword: authentication
Keyword: XPede
ISS X-Force ID: 8900
CVE-2002-0579
Bugtraq ID: 4552