Message Foundry Permits Cross-Site Scripting Attacks and Lets Remote Authenticated Users Change Other User Passwords
|
|
SecurityTracker Alert ID: 1007223
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 17 2003
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, Modification of user information
|
Exploit Included: Yes
|
Version(s): 2.75.0003; possibly other versions
|
Description: Several vulnerabilities were reported in Message Foundry. A remote user can conduct cross-site scripting attacks. A local user can view the administrator's password. A remote authenticated user can change another user's password.
It is reported that the software does not properly filter HTML code from user-supplied input in the "NAME" field. A remote user
can submit a specially crafted name value so that when a target user views the message, arbitrary scripting code will be executed
by the target user's browser. The code will originate from the site running the Message Foundry software and will run in the security
context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies),
if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on
the site acting as the target user.
It is also reported that the 'MF.ini' file stores the administrator's username and password
in plaintext format. A local user can view the password.
It is also reported that a remote authenticated user can modify a target
user's password if both users are in the same public or private area. A remote authenticated user can reportedly supply the target
user's username in the "New Login ID" field of the "Edit Profile" section, along with the desired password.
|
Impact: A remote authenticated user can change another user's password.
A local user can view the administrator's password.
A remote
user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Message
Foundry software, access data recently submitted by the target user via web form to the site, or take actions on the site acting
as the target user.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.appfoundry.com/ (Links to External Site)
|
Cause: Access control error, Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 17 Jul 2003 02:21:03 -0400
Subject: Message Foundry
|
http://www.appfoundry.com/
Secunia posted a report regarding vulnerabilities in Message Foundry version 2.75.0003.
The report is credited to Ziv Kamir.
An input validation vulnerability is reported in the "NAME" field, permitting cross-site
scripting attacks.
It is also reported that the 'MF.ini' file stores the administrator's username and
password in plaintext format. A local user can view the password.
It is also reported that a remote authenticated user can modify a target user's password
if both users are in the same public or private area. A remote authenticated user can
reportedly supply the target user's username in the "New Login ID" field of the "Edit
Profile" section, along with the desired password.
|
|
