Vulnerability details:

ACal login.php ACalAuthenticate Cookie Manipulation Authentication Bypass

Record created on 2006-01-12 15:34:50, last updated on 2008-03-02 23:55:04
ACal contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an 'ACalAuthenticate' cookie with the value 'inside' is sent to the 'login.php' script. This flaw may lead to an attacker gaining unauthorized access, resulting in a loss of integrity.
Cookie: ACalAuthenticate=inside
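
For defenders reviewing captured traffic, the following added example (not part of the original record and not ACal code) parses raw HTTP request heads and flags any request presenting the cookie named above with the value 'inside'. The sample requests, host name, `/calendar/` path prefix and other cookie values are constructed for illustration.

```python
# Added example: constructed request heads; not ACal or OSVDB code.
FLAG_NAME = "ACalAuthenticate"   # cookie name from the record
FLAG_VALUE = "inside"            # value the record says triggers the flaw

def parse_cookies(head):
    """Return (method, path, [(name, value), ...]) from a raw HTTP request head."""
    lines = head.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    method, path = (parts[0], parts[1]) if len(parts) >= 2 else ("", "")
    cookies = []
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "cookie":
            continue  # header names are case-insensitive
        for pair in value.split(";"):
            key, eq, val = pair.strip().partition("=")
            if eq:
                cookies.append((key.strip(), val.strip().strip('"')))
    return method, path, cookies

def find_bypass_attempts(requests):
    """Return (index, method, path) for requests carrying the flagged cookie."""
    hits = []
    for i, head in enumerate(requests):
        method, path, cookies = parse_cookies(head)
        if any(k == FLAG_NAME and v == FLAG_VALUE for k, v in cookies):
            hits.append((i, method, path))
    return hits

# Constructed sample traffic (host, path prefix and other cookies are made up).
SAMPLE_REQUESTS = [
    "GET /calendar/login.php HTTP/1.1\r\nHost: cal.example\r\nCookie: PHPSESSID=abc123\r\n\r\n",
    "GET /calendar/login.php HTTP/1.1\r\nHost: cal.example\r\nCookie: ACalAuthenticate=inside\r\n\r\n",
    "POST /calendar/login.php HTTP/1.1\r\nHost: cal.example\r\ncookie: lang=en;  ACalAuthenticate=\"inside\"\r\n\r\n",
    "GET /calendar/index.php HTTP/1.1\r\nHost: cal.example\r\nCookie: ACalAuthenticate=outside\r\n\r\n",
]

if __name__ == "__main__":
    for idx, method, path in find_bypass_attempts(SAMPLE_REQUESTS):
        print(f"request {idx}: {method} {path} carries {FLAG_NAME}={FLAG_VALUE}")
```

The record does not say how ACal issues this cookie to legitimate users, so treat hits as leads to correlate with known logins rather than as confirmed intrusions.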

Affected: ACal Calendar Project 2.2.5
Attack Type: Authentication Management (brute force, default password, cookie poisoning)
Discovered on 2006-01-12 15:32:57
Exploit: Exploit Public
Exploit discovered on 2006-01-12 07:00:00
Impact: Loss of Integrity. Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
Location: Remote / Network Access. If network access is required and exploit can be done remotely.
OSVDB: Web Related. The vulnerability is a web issue and will have an associated security check.

External refs: OSVDB 22344