Secunia Security Advisory - MaDj0kEr has reported some vulnerabilities in Amphor@ GATE, which can potentially be exploited by malicious users to bypass certain security restrictions.
TITLE:
Amphor@ GATE Security Bypass Vulnerabilities
SECUNIA ADVISORY ID:
SA13762
VERIFY ADVISORY:
http://secunia.com/advisories/13762/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
Local system
OPERATING SYSTEM:
Amphor@ GATE
http://secunia.com/product/4494/
DESCRIPTION:
MaDj0kEr has reported some vulnerabilities in Amphor@ GATE, which
can potentially be exploited by malicious users to bypass certain
security restrictions.
The problem is that certain scripts can be accessed directly without
any authentication. This may be exploited to get free Internet access
without time limitation or to access the management system.
Examples:
https://amphora.local/gui/free_loginpage.php
https://amphora.local/hotel/cualquierfichero
https://amphora.local/validacion.php
SOLUTION:
Deny direct access without authentication to the vulnerable scripts.
PROVIDED AND/OR DISCOVERED BY:
MaDj0kEr, KernelPanik Crew
ORIGINAL ADVISORY:
http://www.kernelpanik.org/docs/kernelpanik/amphora.pdf
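
One way to check whether the restriction in SOLUTION is holding is to look in the gateway's web access log for successful, unauthenticated requests to the paths listed under Examples. The following is an added example, not part of the Secunia advisory or the vendor's code; it assumes the log uses the Apache "combined" format with the authenticated user in the third field, and the sample lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths from the advisory's Examples list. /hotel/ is matched as a prefix
# because the advisory's file name there is a placeholder.
EXACT_PATHS = {"/gui/free_loginpage.php", "/validacion.php"}
PREFIXES = ("/hotel/",)

# Assumed log layout: Apache "combined" format; field 3 is the authenticated user.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, decode %xx, and collapse //, /./ and /../."""
    raw = unquote(target.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/{2,}", "/", raw))
    return path + "/" if raw.endswith("/") and path != "/" else path

def is_listed(path):
    """True if the normalised path is one of the advisory's example paths."""
    return path in EXACT_PATHS or path.startswith(PREFIXES)

def unauthenticated_hits(lines):
    """Return (ip, path, status) for 2xx responses on listed paths with no user."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        path = normalise(m["target"])
        if is_listed(path) and m["status"].startswith("2") and m["user"] == "-":
            hits.append((m["ip"], path, int(m["status"])))
    return hits

# Constructed sample lines (not taken from a real gateway).
SAMPLE_LOG = [
    '10.0.0.23 - - [01/Jan/2000:10:01:02 +0000] "GET /gui/free_loginpage.php HTTP/1.1" 200 512 "-" "-"',
    '10.0.0.23 - - [01/Jan/2000:10:01:09 +0000] "GET /hotel//report.txt HTTP/1.1" 200 88 "-" "-"',
    '10.0.0.40 - admin [01/Jan/2000:10:02:00 +0000] "POST /validacion.php HTTP/1.1" 200 40 "-" "-"',
    '10.0.0.51 - - [01/Jan/2000:10:03:00 +0000] "GET /validacion.php?x=1 HTTP/1.1" 403 0 "-" "-"',
    '10.0.0.51 - - [01/Jan/2000:10:03:05 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in unauthenticated_hits(SAMPLE_LOG):
        print(hit)
```

Once direct access is denied, requests to these paths without a session should show up as 401, 403 or a redirect, so any line this reports is worth investigating.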