
bluestone.txt

19 Sep 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

Security flaw in Bluestone Sapphire/Web allows session access through predictable id in cookies.

Code
`Subject: [Security] Spoofed Id in Bluestone Sapphire/Web  
To: [email protected]   
  
  
INTRINsec Security Advisory  
  
  
  
Release Date : September 02, 1999  
Software : Bluestone Sapphire/Web V5  
Operating System: Solaris  
Impact : The attacker can access the session of other connected clients.  
Author : [email protected]  
Status : Bluestone has been notified of this.  
URLs : http://www.INTRINsec.com  
  
  
  
__ Digest __  
  
  
Sapphire/Web is a framework for iCommerce platforms. This product has a  
security flaw in its authentication scheme that allows an attacker  
to easily impersonate the currently connected clients.  
  
  
Bluestone has been notified of this and won't correct this bug.  
  
  
  
__ Technical Details and Exploits __  
  
  
To authenticate its clients, Sapphire/Web uses an id stored in a session  
cookie as its authentication scheme. After you have sent your login/password,  
Sapphire/Web sends you back a session cookie containing your id for this  
session.  
There are two flaws in this id authentication scheme :  
- the id is highly predictable : it is a counter incremented one by one,  
so given your id, it is easy to guess the id of people connected just before  
you.  
- the id lasts for your whole session : it isn't renewed at each http request,  
so you are sure that if the session hasn't been disconnected, its id is  
valid.  
  
  
All the attacker has to do is to connect to the Sapphire/Web server with a valid  
login/password and note his id. Then he can make a request with a decreased  
id in his cookie.  
With some luck, he will access the session of another client.  
  
  
__ Solutions __  
  
  
Bluestone doesn't provide a patch for this problem. You have to upgrade your  
software to the new version (V6.X) that allows you to use your own  
authentication scheme.  
  
  
__ Contacts __  
  
  
  
-- Bluestone Software --  
Support Services  
1000 Briggs Road  
Mount Laurel, New Jersey 08054-4101  
Phone: 856.778.7900  
Fax: 856.234.2877  
[email protected]  
http://www.bluestone.com  
  
  
  
-- INTRINsec --  
  
  
INTRINsec is a French Security Specialist.  
http://www.INTRINsec.com  
This advisory is available in French on our site.  
  
  
  
__ DISCLAIMERS __  
  
  
  
INTRINsec DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, AND PROVIDES  
THIS INFORMATION "AS IS" WITHOUT WARRANTY OF ANY KIND. INTRINsec IS NOT  
LIABLE FOR ANY DAMAGES WHATSOEVER EVEN IF INTRINsec HAS BEEN ADVISED OF THE  
POSSIBILITY OF SUCH DAMAGES.  
  
  
--  
Gerald Grevrend : Securite Informatique  
http://www.INTRINsec.com  
`
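
The two flaws listed under Technical Details, shown beside a hardened session store of the kind one could write as one's own authentication scheme. This is an added example, not code from the advisory, INTRINsec or Bluestone; the class names, the starting counter value and the 900-second idle timeout are assumptions made for illustration.

```python
import itertools
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; constructed value, not from the advisory


class CounterSessions:
    """The flawed scheme the advisory describes: ids come from a counter."""
    def __init__(self):
        self._next = itertools.count(1000)  # constructed starting value
        self._users = {}

    def create(self, user):
        sid = str(next(self._next))
        self._users[sid] = user
        return sid

    def lookup(self, sid):
        return self._users.get(sid)  # never expires, never renewed


class RandomSessions:
    """Hardened form: CSPRNG tokens, idle expiry, rotation on request."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}  # token -> [user, last_seen]

    def create(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._entries[token] = [user, self._clock()]
        return token

    def lookup(self, token):
        entry = self._entries.get(token)
        if entry is None or self._clock() - entry[1] > IDLE_TIMEOUT:
            self._entries.pop(token, None)  # unknown or expired: forget it
            return None
        entry[1] = self._clock()
        return entry[0]

    def rotate(self, token):
        """Swap a valid token for a fresh one; the old value stops working."""
        user = self.lookup(token)
        if user is None:
            return None
        del self._entries[token]
        return self.create(user)
```

Calling `rotate` after login and on later requests addresses the second flaw: a cookie value stops being valid as soon as its replacement is issued.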
