Keene Digital Media Server adminmessage.kspx Administrative Authentication Bypass

2004-08-12T00:00:00
ID OSVDB:9517
Type osvdb
Reporter Dr_insane(dr_insane@pathfinder.gr), Ziv Kamir(gss_it@yahoo.com)
Modified 2004-08-12T00:00:00

Description

Vulnerability Description

Keene Digital Media Server contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a user requests the adminmessage.kspx script directly, which bypasses administrative authentication. This flaw may lead to a loss of confidentiality.

Solution Description

Upgrade to version 1.0.4 or higher, which the vendor claims will fix the flaw. An upgrade is required, as there are no known workarounds.

Manual Testing Notes

http://[victim]/dms/adminmessage.kspx

References:

Vendor URL: http://www.keenesoftware.com/html/dms.html
Security Tracker: 1010928
Secunia Advisory ID: 12272
Secunia Advisory ID: 12423
Related OSVDB ID: 9514
Related OSVDB ID: 9516
Related OSVDB ID: 9518
Related OSVDB ID: 8593
Related OSVDB ID: 9515
ISS X-Force ID: 16967
Bugtraq ID: 10933