JAWS Cookie Manipulation Authentication Bypass

2004-07-12T14:00:19
ID OSVDB:7724
Type osvdb
Reporter Fernando Quintero(nando@gigax.org)
Modified 2004-07-12T14:00:19

Description

Vulnerability Description

Jaws contains a flaw that may allow a malicious user to bypass authenticaiton. The issue is triggered when the session is configured to use cookies which allow null passwords. By setting an MD5 hash with a null password in the cookie, a remote attacker can get in the control panel with administrator rights without a password, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Jaws has released a patch to address this vulnerability.

Short Description

Jaws contains a flaw that may allow a malicious user to bypass authenticaiton. The issue is triggered when the session is configured to use cookies which allow null passwords. By setting an MD5 hash with a null password in the cookie, a remote attacker can get in the control panel with administrator rights without a password, resulting in a loss of confidentiality, integrity, and/or availability.

Manual Testing Notes

//BEGIN //exploit.php <?PHP setcookie("logged","d41d8cd98f00b204e9800998ecf8427e",time()+86400*365,'path to jaws'); ?> //END

References:

Vendor URL: http://www.jaws.com.mx/ Security Tracker: 1010651 Related OSVDB ID: 7723 Related OSVDB ID: 7720 Related OSVDB ID: 7721 Related OSVDB ID: 7722 Other Advisory URL: http://www.securiteam.com/unixfocus/5KP0H0ADFU.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html ISS X-Force ID: 16622 CVE-2004-2443 Bugtraq ID: 10670