Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass
From: David Maciejak (david.maciejakgmail.com)
Date: Wed May 17 2006 - 17:36:57 CDT
I should have detect this!
Find enclosed an nasl file to use with nessus scanner.
> What's Up Professional 2006 is vulnerable to a spoofing attack whereby
> the attacker can trick the application into thinking he/she is making a
> request from the console (which is considered trusted). This attack will
> allow the attacker to bypass the authentication mechanism of the
> application and login without credentials.
> The application believes that if it is passed the following headers in
> an HTTP request, then it is a trusted request:
> User-Agent: Ipswitch/1.0
> User-Application: NmConsole
> These headers can be easily spoofed. An easy way to accomplish the spoof
> is to use a webproxy such as webscarab (see owasp.org).
> I have put a more detailed text file here:
> I contacted IPSwitch. They said the issue would be fixed in the next
> release. I followed up twice to find a status and did not receive a reply.
> Since the release of some What's Up Professional vulnerabilities
> recently -- see: http://www.securityfocus.com/archive/1/433808 -- I
> decided to release this information. I've been burned in the past by
> reporting vulnerabilities responsibly to vendors, someone else
> irresponsibly discloses the issue publicly before the fix is released
> and the company does not credit me with the initial report.
> Kenneth F. Belva, CISSP
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
- application/octet-stream attachment: ipswitch_auth_bypass.nasl