SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Server/CGI)  >   Indexu
Vendors:   Indexu.com
INDEXU Web Portal Content Management System Allows Users to Obtain Administrator Access to the Management System
SecurityTracker Alert ID:  1001078
SecurityTracker URL:  http://securitytracker.com/id/1001078
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 13 2001
Impact:   User access via network
Vendor Confirmed:  Yes  
Version(s): up to and including 2.0Beta
Description:   UNDERSEC Security reports a vulnerability in INDEXU, a web portal content management system based on PHP and MySQL. The hole allows a remote user to masquerade as the administrator.

INDEXU uses a web front-end to manage the system and its databases. The administration interface is located in the directory "/admin". When the administrator logs in, a cookie is set in the administrator's browser (shown here in Netscape cookies.txt format: domain, subdomain flag, path, secure flag, expiry, name, value):

host.where.indexu.is.installed TRUE / FALSE 1388494785 cookie_admin_authenticated 1

The server treats the presence of this client-supplied flag as proof of authentication. A user with access to the web port can therefore set cookie_admin_authenticated=1 in their own browser and masquerade as a valid and authorized administrator, without knowing the administrator's password.
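
The check the advisory describes, modelled side by side with a server-side session, as an added example in Python (not INDEXU's own PHP code): the function names, the in-memory session store, the replacement cookie name indexu_admin_sid and the sample requests are assumptions for illustration. parse_cookies_txt_line decodes the cookies.txt line quoted above; its expiry field is a non-zero Unix time (31 December 2013 UTC), so as recorded it is a persistent cookie rather than one that disappears when the browser session ends.

```python
"""Client-trusted admin flag vs. server-side session (added example).

Nothing here is INDEXU's own code. Function names, the session store,
the replacement cookie name and the sample requests are assumptions.
"""
import secrets
from datetime import datetime, timezone
from http.cookies import SimpleCookie

ADMIN_FLAG = "cookie_admin_authenticated"   # cookie name from the advisory
SESSION_COOKIE = "indexu_admin_sid"          # hypothetical replacement name


def parse_cookie_header(header: str) -> dict:
    """Parse a request 'Cookie:' header into {name: value}."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookies: dict) -> bool:
    """The pattern the advisory describes: trust a flag the client sent."""
    return cookies.get(ADMIN_FLAG) == "1"


class SessionStore:
    """Server-side store: the cookie carries only an opaque random id."""

    def __init__(self):
        self._sessions = {}

    def login(self, username: str, password: str, users: dict):
        # Plaintext comparison is a stand-in; real code checks a password hash.
        if users.get(username) != password:
            return None
        sid = secrets.token_urlsafe(32)          # 256 bits of entropy
        self._sessions[sid] = {"user": username, "admin": True}
        return sid

    def is_admin(self, cookies: dict) -> bool:
        # The client can only present an id; the role lives on the server.
        sess = self._sessions.get(cookies.get(SESSION_COOKIE, ""))
        return bool(sess and sess["admin"])

    def logout(self, cookies: dict) -> None:
        self._sessions.pop(cookies.get(SESSION_COOKIE, ""), None)


def parse_cookies_txt_line(line: str) -> dict:
    """Decode one Netscape cookies.txt line (the format the advisory quotes).

    Fields: domain, include-subdomains flag, path, secure flag,
    expiry (Unix time, 0 for a session cookie), name, value.
    """
    domain, _subdomains, path, secure, expires, name, value = line.split()
    exp = int(expires)
    return {
        "domain": domain, "path": path, "name": name, "value": value,
        "secure": secure == "TRUE",
        "persistent": exp != 0,
        "expires": datetime.fromtimestamp(exp, tz=timezone.utc) if exp else None,
    }


def demo() -> dict:
    """Forged-cookie attempt against both checks; returns the outcomes."""
    forged = parse_cookie_header(f"{ADMIN_FLAG}=1")     # attacker sets the flag
    store = SessionStore()
    users = {"admin": "admin"}                           # INDEXU default per advisory
    sid = store.login("admin", "admin", users)
    real = parse_cookie_header(f"{SESSION_COOKIE}={sid}")
    guessed = parse_cookie_header(f"{SESSION_COOKIE}={secrets.token_urlsafe(32)}")
    return {
        "forged_flag_vs_vulnerable": is_admin_vulnerable(forged),  # True: bypass
        "forged_flag_vs_hardened": store.is_admin(forged),         # False
        "guessed_sid_vs_hardened": store.is_admin(guessed),        # False
        "real_login_vs_hardened": store.is_admin(real),            # True
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
    # Constructed copy of the cookies.txt line quoted in the advisory.
    line = ("host.where.indexu.is.installed TRUE / FALSE 1388494785 "
            "cookie_admin_authenticated 1")
    print(parse_cookies_txt_line(line))
```

The vulnerable check accepts any request that carries the flag, which is why a single forged header defeats it. The hardened variant keeps the privilege decision in a server-side table keyed by a random token, so a client that has not logged in can present neither the flag (it is ignored) nor a usable id (guessing a 256-bit token is infeasible); logout removes the entry instead of relying on the browser to drop a cookie.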

The vendor was reportedly informed of this bug on 2001-03-02.

Impact:   A user with access to the web port can manipulate their cookies to masquerade as a valid and authorized administrator.
Solution:   No vendor solution was available at the time of this entry.

UNDERSEC recommends a workaround that uses .htaccess authentication to prevent users from accessing the administrator directory.
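
The workaround as an Apache configuration, added here as an example; it is not taken from the advisory or from INDEXU, and the directory path, password-file path and realm name are assumptions:

```apache
# Assumed location: the .htaccess file inside INDEXU's /admin directory
AuthType Basic
AuthName "INDEXU administration"
# Keep the password file outside the web server's document root
AuthUserFile /etc/httpd/indexu-admin.htpasswd
Require valid-user
```

Create the password file with `htpasswd -c /etc/httpd/indexu-admin.htpasswd <user>`, and make sure the server's configuration allows `AllowOverride AuthConfig` for that directory, since Apache silently ignores .htaccess directives otherwise. This places a second gate in front of /admin but leaves the cookie check itself unchanged; Basic credentials also travel in the clear over plain HTTP. Changing INDEXU's default admin/admin login, which the advisory mentions, is a separate and necessary step.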

Vendor URL:  indexu.com
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  INDEXU Authentication By-Pass


UNDERSEC SECURITY ADVISORY                              4th March 2001
=======================================================================
PROGRAM:   INDEXU
VERSIONS:  All versions prior to 2.0Beta (2.0Beta included)
OS:        All
REMOTE:    YES
LOCAL:     YES
CLASS:     Authentication bypass
POSTED BY: Sp4rK <sp4rk@undersec.com>

** BACKGROUND
INDEXU is content management system software that aims to help a web
master build a portal in just seconds.  It is based on PHP code and
uses MySQL as its database. INDEXU uses a web frontend to manage
everything.

** PROBLEM DESCRIPTION
INDEXU uses a web frontend to manage every database it uses. The admin
section is located in /admin. When you log in there it asks for a user
name and password (defaults to admin/admin). Once you log in it sets a
cookie with the following format:

host.where.indexu.is.installed   TRUE   /   FALSE   1388494785   cookie_admin_authenticated   1

This cookie will be (or should be) deleted when the current session
finishes, and is used to determine whether you are an admin or not.

** IMPACT
Anybody who can manipulate their cookie settings is able to act as if
he/she was the admin.

** SOLUTION
Use .htaccess authentication to prevent users from accessing the
administrator area.

** NOTE
INDEXU Team was informed of this bug on 2001-03-02.
Their response:

"  Hi, thanks for reminding me about this.

   It's true, I add a 'flag' when the administrator is logged in.  But
   the flag that recognizes the administrator will automatically be
   deleted when he closes the browser or logs out. But I think it's safe
   enough for a non-e-commerce website.  Anyway your suggestion is very
   good too.  I'll add more security in the final version.

   Thanks!"

The bug hasn't been fixed yet,  but we hope it'll be fixed in the next
release of INDEXU.

UNDERSEC Security TEAM,
http://www.undersec.com/

============== ===== === -- -  -
Sp4rK <sp4rk@undersec.com>
UNDERSEC Security Team

Copyright 2021, SecurityGlobal.net LLC