FancyFon FAMOC 3.16.5 Session Fixation

Date: 27 Jan 2015 | Reported by: Matthias Deeg | Type: packetstorm | Source: packetstormsecurity.com

FAMOC 3.16.5 Session Fixation vulnerability in mobile device managemen

Advisory ID: SYSS-2014-012  
Product(s): FAMOC  
Vendor: FancyFon  
Affected Version(s): 3.16.5   
Tested Version(s): 3.16.5  
Vulnerability Type: Session Fixation (CWE-384)  
Risk Level: Low  
Solution Status: Fixed  
Vendor Notification: 2014-12-19  
Solution Date: 2015-01-23  
Public Disclosure: 2015-01-23  
CVE Reference: Not yet assigned  
Author of Advisory: Matthias Deeg (SySS GmbH)  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Overview:  
  
FAMOC is a mobile device management software by FancyFon supporting  
different kinds of mobile devices.  
  
The vendor FancyFon describes the product as follows (see [1]):  
  
"FAMOC is a flexible and open mobile device lifecycle management   
solution, enabling any number of smartphones using a variety of   
operating systems, to be centrally and remotely managed, over the   
Internet."  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Vulnerability Details:  
  
SySS GmbH found a session fixation vulnerability in the web  
application component of the FAMOC mobile device management solution.  
  
This type of vulnerability allows an attacker to predetermine the  
session cookie value of his victims, for example via a cross-site  
scripting attack, in order to hijack the sessions of other users and  
thus perform a privilege escalation attack.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Proof of Concept (PoC):  
  
HTTP POST request for user login with a preset session cookie value:  
  
POST /index.php? HTTP/1.1  
Host: <HOST>  
Cookie: PHPSESSID=00000000000000000000000000  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 28  
  
login=<USERNAME>&pass=<PASSWORD>  
  
  
HTTP response from the FAMOC MDM web application without setting a new  
session cookie value:  
  
HTTP/1.1 200 OK  
Date: Fri, 14 Nov 2014 08:45:51 GMT  
Server: Apache  
Expires: Thu, 19 Nov 1981 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0  
Pragma: no-cache  
Content-Type: text/html; charset=utf-8  
Connection: close  
Content-Length: 25027  
  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><!---->  
<html>  
<head>  
<title>FAMOC</title>  
(...)  
  
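The condition shown in the PoC (a login that leaves the client-presented PHPSESSID in place) can be checked mechanically from a request/response pair, and the server-side remedy is to discard the presented session and issue a fresh ID on successful authentication. The following Python is an added example written for this page, not SySS or FancyFon code; the sample request and responses are constructed after the advisory's PoC with `mdm.example` as a placeholder host, and `SessionStore` is a simplified model of a server-side session handler, not FAMOC's.

```python
import re
import secrets

PRESET_SID = "0" * 26  # attacker-chosen value, as in the PoC request

# Constructed sample modelled on the advisory's PoC: the client presents a
# preset PHPSESSID; the vulnerable response answers 200 with no Set-Cookie.
REQUEST = (
    "POST /index.php? HTTP/1.1\r\nHost: mdm.example\r\n"
    f"Cookie: PHPSESSID={PRESET_SID}\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "login=user&pass=secret"
)
RESPONSE_VULN = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html>"
RESPONSE_FIXED = (
    "HTTP/1.1 200 OK\r\nServer: Apache\r\n"
    "Set-Cookie: PHPSESSID=3f9c1b2a7d; path=/; HttpOnly\r\n\r\n<html>"
)


def cookie_in_request(raw, name="PHPSESSID"):
    """Return the session ID the client presented in the Cookie header, or None."""
    m = re.search(rf"^Cookie:.*?\b{re.escape(name)}=([^;\r\n]+)", raw, re.M | re.I)
    return m.group(1) if m else None


def cookie_in_response(raw, name="PHPSESSID"):
    """Return the session ID the server issued via Set-Cookie, or None."""
    m = re.search(rf"^Set-Cookie:\s*{re.escape(name)}=([^;\r\n]+)", raw, re.M | re.I)
    return m.group(1) if m else None


def login_keeps_presented_session(request, response, name="PHPSESSID"):
    """True when the login response leaves the client-chosen session ID in
    place (the fixation condition); False when a different ID is issued."""
    sent = cookie_in_request(request, name)
    issued = cookie_in_response(response, name)
    return sent is not None and (issued is None or issued == sent)


class SessionStore:
    """Minimal model of the fix: authentication never reuses the presented ID."""

    def __init__(self):
        self.sessions = {}  # sid -> session data

    def login(self, presented_sid, user):
        self.sessions.pop(presented_sid, None)  # invalidate whatever the client sent
        new_sid = secrets.token_hex(16)          # fresh, unpredictable ID
        self.sessions[new_sid] = {"user": user}
        return new_sid                           # to be sent back in Set-Cookie
```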
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Solution:  
  
Update to FAMOC software version 3.17.4.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Disclosure Timeline:  
  
2014-12-19: Vulnerability reported to vendor  
2014-12-19: Vendor acknowledges e-mail with SySS security advisory  
2015-01-16: Contacted vendor for status information about the reported vulnerability  
2015-01-23: Vendor responds that this security vulnerability was addressed in the FAMOC software version 3.17.4.  
2015-01-23: Public release of security advisory  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
References:  
  
[1] Product Web Site for FAMOC Mobile Device Management  
http://www.fancyfon.com/  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Credits:  
  
This security vulnerability was found by Matthias Deeg of the SySS GmbH.  
  
E-Mail: matthias.deeg (at) syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc  
Key fingerprint = 5AE3 96EE A014 FB90 9D81 AF90 8C54 7E88 A34C CED8  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Disclaimer:  
  
The information provided in this security advisory is provided "as is"   
and without warranty of any kind. Details of this security advisory may   
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web   
site.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Copyright:  
  
Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en  
  
