Burden 1.8 - Authentication Bypass Vulnerability

Product: Burden
Vendor: Josh Fradley
Vulnerable Version(s): 1.8 and probably prior
Tested Version: 1.8
Advisory Publication:  December 18, 2013  [without technical details]
Vendor Notification: December 18, 2013
Vendor Patch: December 18, 2013
Public Disclosure: January 8, 2014
Vulnerability Type: Improper Authentication [CWE-287]
CVE Reference: CVE-2013-7137
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application.
 
 
1) Improper Authentication in Burden: CVE-2013-7137
 
The vulnerability exists due to insufficient authentication when handling "burden_user_rememberme" cookie parameter. A remote unauthenticated user can set "burden_user_rememberme" cookie to "1" and gain administrative access to the application.
 
The exploitation example below shows HTTP GET request that grants administrative privileges to the user:
 
 
GET /login.php HTTP/1.1
 
Cookie: burden_user_rememberme=1;
 
 
The cookie can be also changed using a browser plugin such as Firebug for FireFox.
 
-----------------------------------------------------------------------------------------------
 
Solution:
 
Update to Burden 1.8.1
 
More Information:
https://github.com/joshf/Burden/releases/tag/1.8.1

#  0day.today [2018-02-27]  #