|
发布日期:2014-01-10
更新日期:2014-02-15
受影响系统:
CA CA 2E Web Option 8.1.2
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2014-1219
CA 2E Web Option是CA 2E应用Web接口开发工具。
CA 2E Web Option (r8.1.2)生成会议令牌的方式可以预测,在实现上存在安全漏洞,这可使远程攻击者绕过身份验证机制。
<*来源:vendor
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
CA 2E Web Option 8.1.2 - Authentication Bypass
EDB-ID: 31647 CVE: 2014-1219 OSVDB-ID: 103236
Author: Mike Emery Published: 2014-02-13 Verified: Not Verified
Exploit Code: Download Vulnerable App: N/A
Rating
Overall:
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option
CVE: CVE-2014-1219
Vendor: CA
Product: 2E Web Option
Affected version: 8.1.2
Fixed version: N/A
Reported by: Mike Emery
Details:
CA 2E Web Option (r8.1.2) and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token.
The POST parameter session token W2E_SSNID appears as follows:
W2E_SSNID=3DW90NIxGoSsN1023ZYW2E735182000013CLSpKfgkCJSLKsc600061JKenjKnE
JuNX9GoVjCEbqIuKh6kFRvbzYnUxgQtONszJldyAar3LtTSwsmBLpdlPc5iDH4Zf75
However, this token is poorly validated, leading to
W2E_SSNID=3DW90NIxGoSsN1023ZYW2E735182000013
being accepted as a valid session. By incrementing and
decrementing the digits at the end of the value given above, it is
possible to control the session at the given ID. This token is sent as
part of the login page, and as such, can be manipulated by an
unauthenticated attacker, giving them access to any valid session.
Consequentially, it is possible to access the following page as such:
https://app.domain.co.uk/web2edoc/close.htm?SSNID=3DW90NIxGoSsN1023ZYW2E735182000026
Ending the session specified, which could lead to a denial of service condition.
Further details at:
http://portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
建议:
--------------------------------------------------------------------------------
厂商补丁:
CA
--
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.ca.com/us/~/media/files/productbriefs/cs3003-ca-2e-web-option.aspx
(责任编辑:IT) |
