
ledgersmb-bypass.txt
Posted Jul 19, 2007
Authored by Chris Travers

LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.

tags | advisory, bypass
SHA-256 | 095c2dbf209d876105110d06020263404fc91e57fbd9e2597f5c50ee7e4d301b

A security issue has been found which allows an unauthenticated user to 
bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6.

Severity: Highly Critical
Versions affected: 1.2.0 through 1.2.6
Status: Vendor solution available (upgrade to 1.2.7)
Effect: Authentication bypass.
Required knowledge: A valid username for any user.
Related Advisory IDs: Bugtraq ID: 24940
No CVE has yet been assigned.
Exploit complexity: Simple


This is listed as highly critical because it could be used to access the
entire application masquerading as a different user than one is
authorized to use. This is a serious risk in any financial system as it
could be a vector for embezzlement and covering up dishonest activities.

Origins and Information:
The problem occurs because of a flaw in the redirect code, which was
replaced in order to support additional environments. The redirection
code can be reached through the login module and tricked into granting
access without proper authentication.

Exploits can be performed by setting the action variable in the http
request to "redirect" with a callback variable set to the escaped URL
representing the desired action.
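As an added example (not part of the advisory and not LedgerSMB code), the following detection logic surfaces access-log requests that match the pattern described above: a request to the login module carrying `action=redirect` together with a `callback` parameter. It assumes the login module is reached as `login.pl` and that the web server writes Apache/nginx "combined" format logs; the log lines are constructed.

```python
# Added example: flag access-log entries matching the advisory's pattern
# (login module + action=redirect + callback parameter).
# Assumptions not stated in the advisory: the login module is "login.pl"
# and the log is in Apache/nginx "combined" format.
import re
from urllib.parse import urlsplit, parse_qs

LOGIN_SCRIPT = "login.pl"  # assumed name of the login module script

# combined format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_redirect_bypass_attempt(line):
    """Return (client, time, decoded callback) when the line matches the
    advisory's pattern, else None. Only the query string is visible in an
    access log, so POSTed parameters are not covered by this check."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.rsplit("/", 1)[-1] != LOGIN_SCRIPT:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    # The advisory's condition: action=redirect plus a callback parameter.
    if "redirect" not in [v.lower() for v in params.get("action", [])]:
        return None
    callbacks = params.get("callback", [])
    if not callbacks:
        return None
    return m.group("client"), m.group("time"), callbacks[0]

def scan(lines):
    """Return one finding tuple per matching log line."""
    return [hit for hit in map(is_redirect_bypass_attempt, lines) if hit]

# Constructed sample log lines (addresses, timestamps and paths are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jul/2007:10:00:01 +0000] "GET /ledgersmb/login.pl?action=login&login=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [19/Jul/2007:10:00:07 +0000] "GET /ledgersmb/login.pl?login=alice&action=redirect&callback=%2Fledgersmb%2Fmenu.pl%3Faction%3Ddisplay HTTP/1.1" 302 0 "-" "curl/7.15"',
    '10.0.0.5 - - [19/Jul/2007:10:00:09 +0000] "GET /ledgersmb/am.pl?action=redirect HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, when, cb in scan(SAMPLE_LOG):
        print(f"[{when}] {client} redirect bypass attempt, callback={cb}")
```

Only the second constructed line is reported; a plain login and an unrelated script using `action=redirect` are left alone.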

Not affected:
LedgerSMB prior to 1.2.0 or after 1.2.6
SQL-Ledger (any version)

Solution:
Upgrade to LedgerSMB 1.2.7

Credit:
This was discovered by a core member of the LedgerSMB team who has asked
to remain anonymous. This disclosure is intended to help those who
manufacture security products or are responsible for the security of
their networks. All questions regarding more information on this
vulnerability can be directed to Chris Travers (chris@metatrontech.com
or chris.travers@gmail.com).
