Full Disclosure mailing list archives
Blue Coat K9 Web Protection V4.0.230 Beta Vulnerability
From: "Tribal MP" <tribalmp () gmail com>
Date: Sat, 4 Oct 2008 23:47:37 +0000
Blue Coat K9 Web Protection V4.0.230 Beta Vulnerability
Set 5, 2008

-- Affected Vendors:
Blue Coat

-- Affected Products:
K9 Web Protection V4.0.230 Beta

-- Download at:
http://www1.k9webprotection.com/getk9/beta.php

-- Vulnerability Details:
A vulnerability exists in the Blue Coat K9 Web Protection V4.0.230 Beta that allows anyone to locally bypass the Administration panel located at http://127.0.0.1:2372.

To deactivate the password and get full access, simply deactivate JavaScript in your browser.

Internet Explorer
Untested but works

Opera
Go to TOOLS > PREFERENCES > CONTENT > unselect ENABLE JAVASCRIPT > OK

The vulnerable addresses are:
http://127.0.0.1:2372/summary
http://127.0.0.1:2372/detail
http://127.0.0.1:2372/overrides
http://127.0.0.1:2372/pwemail

-- Difficulty Level:
Low

-- Vendor Response:
None

-- Disclosure Timeline:
2008-07-05 - Vulnerability reported to vendor
2008-07-05 - Disclosed

-- About:
Fabio Pinheiro at http://dicas3000.blogspot.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
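An added example, not part of the original post and not Blue Coat's code: it contrasts a password gate that lives in page script with one checked on the server, and includes a regression check that flags admin paths whose raw response already contains the protected page. It assumes the panel's prompt was enforced by script in the page, which the advisory implies but does not describe; the handler names, page body, salt and password are hypothetical, and only the four paths come from the advisory.

```python
import base64
import hashlib
import hmac

# Paths come from the advisory; page body, salt and password are constructed.
ADMIN_PATHS = ("/summary", "/detail", "/overrides", "/pwemail")
ADMIN_PAGE = "<h1>Admin settings</h1>"
SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"constructed-password", SALT, 100_000)


def client_gated(path, headers):
    """Weak pattern (assumed): the page is always sent and a script hides it."""
    if path not in ADMIN_PATHS:
        return 404, {}, ""
    gate = "<script>/* ask for the password, then reveal #admin */</script>"
    return 200, {}, gate + '<div id="admin">' + ADMIN_PAGE + "</div>"


def basic_auth(user, password):
    """Build an HTTP Basic Authorization header for a request."""
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()}


def password_ok(headers):
    """Verify the single panel password on the server (user name is ignored)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return False
    try:
        _, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, PW_HASH)


def server_checked(path, headers):
    """Hardened pattern: nothing protected leaves the server without credentials."""
    if path not in ADMIN_PATHS:
        return 404, {}, ""
    if not password_ok(headers):
        return 401, {"WWW-Authenticate": 'Basic realm="admin"'}, "Authentication required"
    return 200, {}, ADMIN_PAGE


def leaks_without_script(handler):
    """Admin paths whose response to a credential-less request contains the page."""
    return sorted(p for p in ADMIN_PATHS if ADMIN_PAGE in handler(p, {})[2])
```

Running leaks_without_script against each handler in a test suite catches a regression to the script-only gate, because the check never executes page script.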