HP Web Jetadmin Framework:CheckPassword Authentication Bypass

2004-04-27T00:00:00
ID OSVDB:5795
Type osvdb
Reporter FX(fx@phenoelit.de)
Modified 2004-04-27T00:00:00

Description

Vulnerability Description

HP Web Jetadmin contains a flaw that may allow a remote attacker to bypass password authentication. The password check is carried out only when the "Framework:CheckPassword;" element is present in the HTTP POST request the client sends; if that element is left out, the server fails to authenticate the user and still processes the remaining elements of the request. The flaw may therefore let a malicious user reach all administrative functions without a valid password, resulting in a loss of integrity.

Solution Description

Upgrade to version 7.5 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Manual Testing Notes

obj=Httpd:SetProfile(Profiles_Admin,password,$_pwd,$__framework_ini)
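The following model illustrates the flaw described above: the client, not the server, decides whether the password check runs. It is an added example and not HP's code; the page shows only the "Framework:CheckPassword;" element and the Httpd:SetProfile(...) element, so this model ASSUMES that the obj= parameter is a semicolon-separated list of Class:Method(args) calls executed in order, that a $name argument is resolved from the form field of that name, and that the sample password, the 401/200 status values and the function names (parse_form, vulnerable_dispatch, hardened_dispatch, login_request) are constructed here for illustration. The hardened dispatcher performs the password check itself whenever an admin profile is requested, whatever the request contains.

```python
import hmac
import re
from urllib.parse import quote_plus, unquote_plus

ADMIN_PASSWORD = "s3cret"   # constructed sample value, not a real credential

# Assumed call syntax: Class:Method or Class:Method(arg1,arg2,...)
CALL_RE = re.compile(r"^(\w+):(\w+)(?:\((.*)\))?$")


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into a dict."""
    form = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        form[unquote_plus(key)] = unquote_plus(value)
    return form


def parse_obj(obj):
    """Split the obj= value into (class, method, [args]) tuples (assumed format)."""
    calls = []
    for chunk in filter(None, (c.strip() for c in obj.split(";"))):
        m = CALL_RE.match(chunk)
        if not m:
            raise ValueError("malformed call: %r" % chunk)
        cls, meth, args = m.groups()
        calls.append((cls, meth, args.split(",") if args else []))
    return calls


def resolve(token, form):
    """$name resolves to the form field 'name' (assumption); anything else is literal."""
    return form.get(token[1:], "") if token.startswith("$") else token


def vulnerable_dispatch(body):
    """Executes whatever calls the client listed, in order.
    Authentication only happens if the client chose to include CheckPassword."""
    form = parse_form(body)
    session = {"authenticated": False, "profile": None}
    for cls, meth, args in parse_obj(form.get("obj", "")):
        args = [resolve(a, form) for a in args]
        if (cls, meth) == ("Framework", "CheckPassword"):
            if form.get("_pwd") != ADMIN_PASSWORD:
                return 401, session
            session["authenticated"] = True
        elif (cls, meth) == ("Httpd", "SetProfile"):
            session["profile"] = args[0]   # no check that CheckPassword ever ran
    return 200, session


def hardened_dispatch(body):
    """Same request format, but the server decides when to authenticate:
    switching to an admin profile always triggers a server-side password
    check, and a client-supplied CheckPassword element is irrelevant."""
    form = parse_form(body)
    session = {"authenticated": False, "profile": None}
    for cls, meth, args in parse_obj(form.get("obj", "")):
        args = [resolve(a, form) for a in args]
        if (cls, meth) == ("Framework", "CheckPassword"):
            continue                      # client-driven step is ignored
        if (cls, meth) != ("Httpd", "SetProfile") or len(args) < 3:
            return 400, session           # allowlist: only known calls are executed
        profile, supplied = args[0], args[2]
        if profile == "Profiles_Admin":
            # constant-time comparison avoids leaking the password via timing
            if not hmac.compare_digest(supplied.encode(), ADMIN_PASSWORD.encode()):
                return 401, session
            session["authenticated"] = True
        session["profile"] = profile
    return 200, session


def login_request(pwd, include_check=True):
    """Build the POST body the admin login would send (constructed sample)."""
    calls = "Httpd:SetProfile(Profiles_Admin,password,$_pwd,$__framework_ini)"
    if include_check:
        calls = "Framework:CheckPassword;" + calls
    return "obj=" + quote_plus(calls) + "&_pwd=" + quote_plus(pwd)


if __name__ == "__main__":
    bypass = login_request("wrong", include_check=False)
    print("vulnerable:", vulnerable_dispatch(bypass))   # admin profile, no password
    print("hardened:  ", hardened_dispatch(bypass))     # 401
```

The point to take away is the control-flow shape, not the specific element name: whenever a request body enumerates the steps the server should perform, an authentication step listed there is optional from the attacker's point of view, so the check has to be attached server-side to the privileged operation itself.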

References:

Vendor URL: http://www.hp.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 11536
Related OSVDB ID: 5790
Related OSVDB ID: 5791
Related OSVDB ID: 5792
Related OSVDB ID: 5793
Related OSVDB ID: 5794
Related OSVDB ID: 5796
Related OSVDB ID: 5797
Related OSVDB ID: 5798
Other Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt
Keyword: HPSBPI01026
Keyword: SSRT2397
ISS X-Force ID: 15986
CIAC Advisory: o-136
CERT VU: 606673
Bugtraq ID: 10224