Penetration Testing mailing list archives
Re: IBM Websphere Portal Authentication Bypass
From: Paul Melson <pmelson () gmail com>
Date: Tue, 20 Oct 2009 07:41:58 -0400
On Mon, Oct 19, 2009 at 3:38 PM, Eduardo Sierra <esierr4 () gmail com> wrote:
I'm an IT Risk Auditor, last year we found some documentation, regarding an authentication security bypass vulnerability, afecting IBM Websphere Portal 5.1.0.4. (Our transactional web site runs on it).
If you haven't configured 'enable-http-basic-auth-tai-sitemgmt' you are unaffected by this bug since remote administration would not be enabled. [...]
I assume that any attack on this must be some form of url manipulation, sql-injection or hidden parameter tampering, i haven't tested this myself... i'll try setting up a lab
It's not even that. For the remote administration URLs, if you know them up front, you can bypass the password protection for some of them by typing them directly into the browser. If you have the portal admin password, you could use that to crawl the portal admin interface to discover a list of URLs and then try each of of them without the password and see which ones return a 403 and which ones just give up the page. PaulM ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- IBM Websphere Portal Authentication Bypass Eduardo Sierra (Oct 19)
- Re: IBM Websphere Portal Authentication Bypass Paul Melson (Oct 21)
- Re: IBM Websphere Portal Authentication Bypass Eduardo Sierra (Oct 21)
- Re: IBM Websphere Portal Authentication Bypass Paul Melson (Oct 21)