what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Elcom CommunityManager.NET Authentication Bypass

Elcom CommunityManager.NET Authentication Bypass
Posted Dec 20, 2010
Site senseofsecurity.com.au

Elcom CommunityManager.NET suffers from an authentication bypass vulnerability. Proof of concept code is included. Version 6.7 is vulnerable.

tags | exploit, proof of concept, bypass
SHA-256 | 7acb1f10e416f67bc4734d295a385802936a471c97a267dd98e74911fcfd8dbc

Elcom CommunityManager.NET Authentication Bypass

Change Mirror Download
Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004
Release Date. 20-Dec-2010
Last Update. -
Vendor Notification Date. 22-Jan-2010
Product. Elcom Technology's
CommunityManager.NET
Platform. IIS with ASP.NET
Affected versions. v6.7 verified and
possibly others.
Severity Rating. High
Impact. Application "System" user access
Attack Vector. Remote without authentication
Solution Status. Vendor patch
CVE reference. Not yet assigned

Details.
The web application uses cookie parameters passed via HTTP
requests to identify which user is logged in. Authentication
routines can be bypassed by simply appending the below POC
string to a cookie which already contains a valid ASP.NET
session ID. The value given to the various cookie parameters
indicates the specific user ID for the application user the
attacker wishes to impersonate.

Proof of Concept.
To exploit this vulnerability, simply browse to the software
to automatically create a valid ASP.NET session ID. Once
obtained, add the following to the cookie parameter:

; CMLogUserwww2=21; OnlineLearnUserwww2=21

Note that the ID value of "21" in the above instance
indicates that the user with the user ID of "21" will be
impersonated. If this user ID is not linked to a user account,
access will not be obtained. Some enumeration or educated
guessing may be required.

Solution.
Sense of Security has been advised that Elcom Technology has
patched all versions of CommunityManager.NET and notified all
clients.

Discovered by.
Sense of Security Labs.

About us.
Sense of Security is a leading provider of information
security and risk management solutions. Our team has expert
skills in assessment and assurance, strategy and architecture,
and deployment through to ongoing management. We are
Australia's premier application penetration testing firm and
trusted IT security advisor to many of the countries largest
organisations.

Sense of Security Pty Ltd
Level 8, 66 King St
Sydney NSW 2000
AUSTRALIA

T: +61 (0)2 9290 4444
F: +61 (0)2 9290 4455
W: http://www.senseofsecurity.com.au/consulting/penetration-testing
E: info@senseofsecurity.com.au
Twitter: @ITsecurityAU

The latest version of this advisory can be found at:
http://www.senseofsecurity.com.au/advisories/SOS-10-004.pdf
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close