|
digi-ads / digi-news Authentication Vulnerability
|
|
Secunia Advisory:
|
SA9308
|
|
|
Release Date:
|
2003-07-19
|
|
Popularity:
|
4,821 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Brute force
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | digi-ads 1.x
digi-news 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability has been identified in digi-news and digi-ads, which potentially can be exploited by a malicious person to bypass the authentication process easier than expected.
The vulnerability is caused due to an authentication error in "admin.php". It is possible to gain access knowing either an administrator's login or password (knowledge of both is not neccessary), which makes it a lot easier for a malicious person to brute force access to the system.
This can be achieved by guessing one of these values and placing it in the cookie used during the authentication process.
The vulnerability has been reported in version 1.1. However, prior versions may also be affected.
Solution:
Update to version 1.2:
http://www.digi-fx.net/freescripts.php
Provided and/or discovered by:
Arnaud Jacques
Original Advisory:
http://www.securiteinfo.com/attaques/hacking/digi-news1_1.shtml
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
