38 lines
No EOL
1.6 KiB
Text
38 lines
No EOL
1.6 KiB
Text
+-----------------------------------------------------------------+
|
|
+ Netsweeper 4.0.8 - Authentication Bypass (New Profile Creation) +
|
|
+-----------------------------------------------------------------+
|
|
Affected Product: Netsweeper
|
|
Vendor Homepage : www.netsweeper.com
|
|
Version : 4.0.8 (and probably other versions)
|
|
Discovered by : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
|
|
Patched : Yes
|
|
CVE : CVE-2014-9618
|
|
|
|
+---------------------+
|
|
+ Product Description +
|
|
+---------------------+
|
|
Netsweeper is a software solution specialized in content filtering.
|
|
|
|
+----------------------+
|
|
+ Exploitation Details +
|
|
+----------------------+
|
|
Netsweeper's 4.0.8 (and probably other versions) Client Filter Admin portal can be reached at http://netsweeper/webadmin/clientlogin/ and a username/password combination is required to Add a Profile, by setting the "action" parameter to "showdeny" it will force the admin interface to load and subsequently allow any non-authenticated user to create a new profile.
|
|
|
|
URL Path: http://netsweeper/webadmin/clientlogin/?srid=&action=showdeny&url=
|
|
|
|
+----------+
|
|
+ Solution +
|
|
+----------+
|
|
Upgrade to latest version.
|
|
|
|
+---------------------+
|
|
+ Disclosure Timeline +
|
|
+---------------------+
|
|
24-Nov-2014: Initial Communication
|
|
03-Dec-2014: Netsweeper responded
|
|
03-Dec-2014: Shared full details to replicate the issue
|
|
10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10, 4.0.9, 4.1.2
|
|
17-Dec-2014: New releases 3.1.10, 4.0.9, 4.1.2 made available to the public
|
|
18-Dec-2014: Confirm fix
|
|
17-Jan-2015: CVE assigned CVE-2014-9618
|
|
11-Aug-2015: Public disclosure |