
Accellion Kiteworks Authentication Bypass

Posted May 28, 2018
Authored by jerinjoy

Accellion Kiteworks versions prior to 2017.01.00 suffer from an authentication bypass vulnerability.

tags | advisory, bypass
SHA-256 | d347dee5b223a51f0bdd3cd6f19b767f912e1d12f4d86c8a16314862e8c9b919

[Suggested description]

Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.



------------------------------------------



[Vulnerability Type]

Incorrect Access Control



------------------------------------------



[Vendor of Product]

Accellion



------------------------------------------



[Affected Product Code Base]

Kiteworks - Affected Version: kw2016.04.12, Fixed Version: v2017.01.00



------------------------------------------



[Affected Component]

web user, token, API calls



------------------------------------------



[Attack Type]

Remote



------------------------------------------



[Impact Information Disclosure]

true



------------------------------------------



[CVE Impact Other]

Can create user accounts



------------------------------------------



[Attack Vectors]

To exploit the vulnerability, someone can gather the token by submitting a POST request to /oauth/token.



------------------------------------------



[Has vendor confirmed or acknowledged the vulnerability?] true



------------------------------------------



[Discoverer]
Jerin Joy
Email: Jerinjoy@tutamail.com