dpec-course-passwds.txt

17 Aug 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

DPEC's Online Courseware allows unauthorized password changes, compromising user and admin accounts.

Code
`Date: Fri, 15 Jan 1999 21:45:24 -0700  
From: Joel Knight <[email protected]>  
To: [email protected]  
Subject: DPEC Online Courseware  
  
DPEC's (www.dpec.com) Online Courseware has a nasty bug in it that allows  
anyone to change anyone else's password without knowing what their current  
password is. This is NOT limited to normal user accounts, but also to the  
admin account(s).  
  
When a user logs in for the first time, they are required to change their  
password. User jblow goes to the main login page and enters his username  
and password. The courseware sees that he is a new user and gives jblow  
a second login screen asking him to verify his password; this is where the  
problem is. The courseware puts the following tag into the verification  
page: <INPUT TYPE="hidden" NAME="firstpass">. This tag basically tells the  
courseware "it's ok, change the current password to what the user enters  
and allow them to login regardless of current password (if any)".  
  
Further inspection of the verification page will find the actual password  
stored in an <INPUT> tag with the TYPE="hidden" attribute. Simply by  
saving a copy of this verification page to your hard drive and making the  
proper modifications, you can gain (administrator) access to the  
courseware.  
  
DPEC was notified back in Oct/Nov 1998 and basically said that there was  
no other way that this password verification could take place.  
I will not bore the Bugtraq readers with my rant on that subject :P  
  
AFAIK, in DPEC's latest release, this problem has not been fixed.  
  
--   
Joel Knight [email protected]  
  
PGP Key: hkp://keys.pgp.com/[email protected]  
KeyID 2048/38C24864  
Fingerprint 6D7D 1E4F 728B ACDA 6557 F3EC 85BB BA7C 38C2 4864  
  
------------------------------------------------------------------------  
  
Date: Mon, 1 Feb 1999 15:49:39 -0700  
From: Don Papp <[email protected]>  
To: [email protected]  
Subject: DPEC Online Courseware Fix  
  
On Fri, 15 Jan 1999, Joel Knight wrote:  
  
> AFAIK, in DPEC's latest release, this problem has not been fixed.  
  
DPEC has released a fix - here is the meat of it:  
  
  
>> Preventing unauthorized password changes:  
>>  
>> 1) Use anonymous ftp to connect to teach.dpec.com.  
>>  
>> 2) Switch to the /pub directory.  
>>  
>> 3) Select the appropriate patch file for your OS from the following list:  
>>  
>> aix_patch_990125.tar.gz  
>> bsdi_patch_990125.tar.gz  
>> digital_patch_990125.tar.gz  
>> hp-ux_patch_990125.tar.gz  
>> linux_patch_990125.tar.gz  
>> nt_patch_990125.zip  
>> solaris_patch_990125.tar.gz  
>>  
>> 4) Fetch the appropriate patch file using binary ftp.  
>>  
>> 5) Decompress and unpack the patch file.  
>>  
>> 6) Consult the readme.txt file for installation instructions.  
>>  
>> This fix will be incorporated into future versions of the courseware.  
  
  
| Donald Papp  
| Support Analyst  
| OA Internet Inc.  
| [email protected]  
  
`
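
The flaw described in the first message, as an added example that is not part of the original posts or DPEC's code: a Python model of a password-change handler that trusts the hidden `firstpass` field, next to one that keeps first-login state on the server and always verifies the current password. Every name other than `firstpass` (`username`, `password`, `newpass`, `must_change`) is an assumption.

```python
import hashlib, hmac, os

# Field names other than 'firstpass' are assumed; user records are constructed samples.

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, must_change: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "must_change": must_change}

def check_password(user: dict, password: str) -> bool:
    return hmac.compare_digest(user["hash"], _hash(password, user["salt"]))

def vulnerable_change(users: dict, form: dict) -> bool:
    """Models the reported flaw: the presence of the hidden 'firstpass'
    field authorises the change, so the client decides who is a new user."""
    user = users.get(form.get("username"))
    if user is None:
        return False
    if "firstpass" in form or check_password(user, form.get("password", "")):
        user["hash"] = _hash(form["newpass"], user["salt"])
        return True
    return False

def hardened_change(users: dict, form: dict) -> bool:
    """First-login state lives in the server's own record; the current
    password is always verified and a client-sent 'firstpass' is ignored."""
    user = users.get(form.get("username"))
    if user is None or not check_password(user, form.get("password", "")):
        return False
    new = form.get("newpass", "")
    if not new or check_password(user, new):
        return False  # reject an empty or unchanged password
    user["salt"] = os.urandom(16)
    user["hash"] = _hash(new, user["salt"])
    user["must_change"] = False  # cleared by the server, never by the form
    return True
```
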
