oss-sec mailing list archives

Re: CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 30 Mar 2010 16:03:14 -0400 (EDT)


On Fri, 19 Mar 2010, Jan Lieskovsky wrote:

 Christopher showed:
   [1] http://archives.neohapsis.com/archives/bugtraq/2010-03/0156.html

 a deficiency in the way the Sahana disaster management system
 performed user authentication. Visiting a certain URL
 would allow an attacker to view (and potentially modify)
 information that should otherwise be protected by authentication.

Use CVE-2010-1191

- Steve

