Full Disclosure mailing list archives
What's Up Professional Spoofing Authentication Bypass
From: "Kenneth F. Belva" <ken () ftusecurity com>
Date: Wed, 17 May 2006 07:53:31 -0400
What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials. The application believes that if it is passed the following headers in an HTTP request, then it is a trusted request: User-Agent: Ipswitch/1.0 User-Application: NmConsole These headers can be easily spoofed. An easy way to accomplish the spoof is to use a webproxy such as webscarab (see owasp.org). I have put a more detailed text file here: http://www.ftusecurity.com/pub/whatsup.public.pdf I contacted IPSwitch. They said the issue would be fixed in the next release. I followed up twice to find a status and did not receive a reply. Since the release of some What's Up Professional vulnerabilities recently -- see: http://www.securityfocus.com/archive/1/433808 -- I decided to release this information. I've been burned in the past by reporting vulnerabilities responsibly to vendors, someone else irresponsibly discloses the issue publicly before the fix is released and the company does not credit me with the initial report. Sincerely, Kenneth F. Belva, CISSP http://www.ftusecurity.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- What's Up Professional Spoofing Authentication Bypass Kenneth F. Belva (May 17)
- Re: What's Up Professional Spoofing Authentication Bypass David Maciejak (May 17)