Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass

From: David Maciejak (david.maciejakgmail.com)
Date: Wed May 17 2006 - 17:36:57 CDT


I should have detected this!
Find enclosed a NASL file to use with the Nessus scanner.

david

> What's Up Professional 2006 is vulnerable to a spoofing attack whereby
> the attacker can trick the application into thinking he/she is making a
> request from the console (which is considered trusted). This attack will
> allow the attacker to bypass the authentication mechanism of the
> application and login without credentials.
>
> The application believes that if it is passed the following headers in
> an HTTP request, then it is a trusted request:
> User-Agent: Ipswitch/1.0
> User-Application: NmConsole
>
> These headers can be easily spoofed. An easy way to accomplish the spoof
> is to use a webproxy such as webscarab (see owasp.org).
>
> I have put a more detailed text file here:
> http://www.ftusecurity.com/pub/whatsup.public.pdf
>
> I contacted IPSwitch. They said the issue would be fixed in the next
> release. I followed up twice to find a status and did not receive a reply.
>
> Since the release of some What's Up Professional vulnerabilities
> recently -- see: http://www.securityfocus.com/archive/1/433808 -- I
> decided to release this information. I've been burned in the past by
> reporting vulnerabilities responsibly to vendors, someone else
> irresponsibly discloses the issue publicly before the fix is released
> and the company does not credit me with the initial report.
>
> Sincerely,
> Kenneth F. Belva, CISSP
> http://www.ftusecurity.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
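
A detection sketch for the header-based trust described in the quoted advisory, added here as an example; it is not part of either poster's message or of the enclosed NASL file. It flags captured requests that present both console headers from a host other than the console's own; the `console_hosts` default, the capture format and the sample data are assumptions.

```python
import ipaddress

# Header pair the advisory says the application accepts as a trusted console request.
CONSOLE_HEADERS = {"user-agent": "Ipswitch/1.0", "user-application": "NmConsole"}

def parse_headers(raw_request):
    """Parse a raw HTTP request's header block into a dict with lower-cased names."""
    headers = {}
    for line in raw_request.replace("\r\n", "\n").split("\n")[1:]:  # skip request line
        if not line.strip():  # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def claims_console(headers):
    """True when both console headers are present with the advisory's values."""
    return all(headers.get(k, "").lower() == v.lower() for k, v in CONSOLE_HEADERS.items())

def flag_spoofed_console(captures, console_hosts=("127.0.0.1", "::1")):
    """Return (source, request line) for console-claiming requests from other hosts.

    console_hosts is an assumption: the addresses where the real console runs.
    """
    allowed = {ipaddress.ip_address(a) for a in console_hosts}
    alerts = []
    for source, raw in captures:
        if claims_console(parse_headers(raw)) and ipaddress.ip_address(source) not in allowed:
            alerts.append((source, raw.split("\n", 1)[0].strip()))
    return alerts

# Constructed sample captures: (source address, raw request). Addresses are
# documentation ranges and the request path is a placeholder.
CONSOLE = "User-Agent: Ipswitch/1.0\r\nUser-Application: NmConsole\r\n"
SAMPLE_CAPTURES = [
    ("127.0.0.1", "GET / HTTP/1.1\r\n" + CONSOLE + "\r\n"),
    ("192.0.2.10", "GET / HTTP/1.1\r\n" + CONSOLE + "\r\n"),
    ("198.51.100.7", "GET / HTTP/1.1\r\nUser-Agent: Ipswitch/1.0\r\n\r\n"),
    ("203.0.113.5", "GET / HTTP/1.1\r\nuser-agent: Ipswitch/1.0\r\nuser-application: NmConsole\r\n\r\n"),
    ("192.0.2.44", "GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\nHost: wup.example\r\n\r\n"),
]

if __name__ == "__main__":
    for source, request_line in flag_spoofed_console(SAMPLE_CAPTURES):
        print(f"ALERT console headers from {source}: {request_line}")
```

Header names are matched case-insensitively because HTTP header names are case-insensitive, so a lower-cased variant is flagged the same way.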