what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apache CloudStack 4.5.0 Authentication Bypass

Apache CloudStack 4.5.0 Authentication Bypass
Posted Jun 9, 2016
Authored by John Kinsella

Apache CloudStack contains an authentication module providing "single sign-on" functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication.

tags | advisory
advisories | CVE-2016-3085
SHA-256 | a4b1186aed8d05b27ac281e1250d62a1a3033e39f9bb7e46c69a4ba4a43d9dd7

Apache CloudStack 4.5.0 Authentication Bypass

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

CVSS v2:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Accelerite, Inc

Versions affected:
CloudStack versions 4.5.0 and newer

Description:
Apache CloudStack contains an authentication module providing “single
sign-on” functionality via the SAML data format. Under certain
conditions, a user could manage to access the user interface without
providing proper credentials. As the SAML plugin is disabled by
default, this issue only affects installations that have enabled
and use SAML-based authentication.

Mitigation:
Users of Apache CloudStack using the SAML plugin should upgrade to
one of the following versions, based on which release they are
currently using: 4.5.2.1, 4.6.2.1, 4.7.1.1, or 4.8.0.1. These
versions contain only security updates, and no other functionality
change.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJXWNuFAAoJEOom9N0pCN7Sw8EP/0Q5YgomRGEocod2Cmlfd/E9
JKSBdt38hTclPXcdi3w/1Fq88l54erfHuPLPJObpsIR/vQGiOU0K9KkaO5jYDHtR
uFzb37PDzkR/x0tpfOvl1LqWOl89dSjF0qNAB8gi5ThqSWhBst70bjq0bR1aFxXx
I05JzZgD4eye+3tYRcVoFPOkbP7E5pWFtPo9LKUdRL4bfSwskB7d5MOGUoBMQfBb
vuMp7BikT3kMU7kiXNHKMCdd24iAQeiMOocZo7fPn70DiKANqLzinLxlWZHrd4Lh
IPO/m35s52tIVFxXAIF5N7ThAhOCoqQykxykCAgZN1Wi5444/bBJ/ppaP3StWq8i
gRTPzVYbniCTUfG4ynGZIwLwdDJxMb4M1kBdT3lpQWRhq24vE7/xSPANy8ipegvw
rZ8EYS0b0Ud4Bx60+L3rCMBJAwlSaddX/DDHaYUU8hxT5NRoK0eiWf9p4jd40Ob4
BYM/9mi4tv4Wq6tIEqSZfVMdNKgY3+0oBP5HEhEmXSk9Th0rNLySB7Xpix7dC5iF
4I0kpki8BFirE6rBGiKNARdXZJ9QTUTUG/wk1Ndgoe4kJG3PtR6PuY9DAWomqecz
aF/tmyIZXLeVEyZrS1rKLPlIjRHarALoQgB0Ln+UAhS0oyVJ5LrR4Ie70UDCMRNv
rNjki8AjTUnQarsp14lT
=+Tpv
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close