[SA23189] TWiki Authentication Bypass Vulnerability

Les derniers commentaires publiés sur SecuObs (1-5):

- SSTIC 2009 Challenge vs Metasm - Vidéo : Password cracking with L0phtcrack 6 - DLL injection by modifying an executable file - reverse shell from SQLi with 1 HTTP request, no extra channel to upload initial - Hackers crack ColdFusion Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA23189] TWiki Authentication Bypass Vulnerability

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: link://[click] Contact Secunia Sales for more information: link://[click]

TITLE: TWiki Authentication Bypass Vulnerability

SECUNIA ADVISORY ID: SA23189

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: Security Bypass, Exposure of sensitive information

WHERE: From remote SOFTWARE: TWiki link://[click]

DESCRIPTION: A vulnerability has been reported in TWiki, which can be exploited by malicious people to disclose certain sensitive information.

The vulnerability exists due to an error when handling failed login attempts. This can be exploited to bypass authentication and view content in access restricted topics by canceling a login attempt with a valid user name.

Successful exploitation requires that "ErrorDocument 401" is set to a TWiki topic, that ApacheLogin with TWiki-4.0 is used with sessions enabled or SessionPlugin is used for older versions, and TWiki is running on Apache 1.3.

The vulnerability is reported in versions TWikiRelease01Sep2004 through TWikiRelease04Sep2004 with SessionPlugin, and 4.0.0 through 4.0.5.

SOLUTION: Restrict access to the TWiki installation.

As a hotfix the vendor recommends to change the "ErrorDocument" line in httpd.conf or .htaccess, which prevents current attacks, but might not be a complete fix (see vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY: The vendor credits George Clark.

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA23170] rPath update for openldap
Suivant par Date: [SA23171] rPath update for gnupg
Precedent par fil : [SA23170] rPath update for openldap
Suivant par fil : [SA23171] rPath update for gnupg
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- Vidéo : Hiding Files with NTFS Alternative Data Streams - Whitepaper Understanding and using RFID - phpMyAdmin exploited in masses - Update: PyLoris 1.8 - ESRT @dougburks - Richard Bejtlich's Wireshark 12 Tutorial - ESRT @Carlos_Perez @joswr1ght WPA2-PSK cracker Cowpatty 46 with less teh suck - ESRT @dougburks Synjunkie on DNS BackTrack 4 tools Fierce and DNSRecon - Draft 2 of OVAL Version 5.6 Now Available - Microsoft Gazelle browser : A layperson explanation - ESRT @bytz @developerworks Analysis Tool for Java data race and deadlock connect - ESRT @bytz @unixmen New Kernel Vulnerabilities Affect Ubuntu 6.06, 8.04 and 8.10 - ModSecurity Denial of Service - OpenFlow 0.9.0 RC1 has been released - ESRT @davegball Tool to detect Metasploit Meterpreter anti-forensics tactics - Researchers unite to distribute quantum keys - Apple patching serious SMS vulnerability on iPhone - CERT Resiliency Management Model v1.0 Released - ESRT @milw0rm Apple Safari 4x JavaScript Reload Remote Crash Exploit - ESRT @packet_storm Oracle 10g SYSLTCOMPRESSWORKSPACETREE SQL Injection - ESRT @devilok - Unsung tools - Raptor forensics livecd Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, microsoft, réseau, attaque, vulnérabilité, système, audit, outil, virus, internet, données, linux, présentation, bluetooth, vista, metasploit, protocol, shell, scanner, réseaux, trames, téléphone, paquet, wishmaster, rootkit, engineering, sysun, https, black, mobile, noyau, téléphones, conférence, mémoire, source, scapy, google, reverse, détection, malveillant, snort, sécurise, patch + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA35655 SUSE update for acroread - SA35673 AudioPLUS Playlist Processing Buffer Overflow Vulnerability - SA35656 Ubuntu update for linux and linux-source-2.6.15 - SA35681 Drupal Multiple Vulnerabilities - SA35644 HP-UX NFS/ONCplus Denial of Service Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products - Full-disclosure Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability - Full-disclosure Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability - Full-disclosure Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability - Full-disclosure SECURITY DSA 1825-1 New nagios2/nagios3 packages fix arbitrary code execution + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products - Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability - Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability - Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability - Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome - SECURITY DSA 1825-1 New nagios2/nagios3 packages fix arbitrary code execution + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, security, malware, lockpicking, biometric, kernel, iphone, windows, adware, password, wimax, botnet, tutorial, phish, linux, symantec, rootkit, knoppix, metasploit, network, attack, server, virtual, internet, jailbreak, notacon, conference, exploit, google, wireshark, defcon, hacker, backtrack, openbsd, intel, ettercap, firewall, source, samsung, reprap, wireless, norton + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, vulnérabilité, windows, vulnerability, network, attack, google, hacker, exploit, inject, internet, remote, server, mobile, malware, apple, iphone, black, patch, sécurité, virus, linux, ebook, conficker, crypt, source, intel, virtual, facebook, access, trojan, twitter, research, firefox, overflow, pirate, phish, vista, cisco, obama, office, local, opera, adobe + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, cisco, linux, defcon, firewall, vmware, metasploit, attack, server, phish, network, twitter, exploit, windows, nessus, botnet, inject, backtrack, crypt, wireshark, vulnerabi, python, black, acking, iphone, source, engineering, google, social, conficker, clouds, patch, pentest, podcast, vulnerability, juniper, virus, hacker, apple, client, proxy, apache, virtual, complianc, javascript + de mots clés avec l'annuaire de la revue Twitter