MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass

EDB-ID:

24371

CVE:





Platform:

ASP

Date:

2004-07-15


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/10927/info
   
Multiple remote vulnerabilities are reported in MapInfo Discovery.
   
The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to potentially sensitive error log information that could aid an attacker in further system compromise.
   
The second issue is reported to be a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied URI argument data. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerable site. This code execution would occur in the security context of the site hosting the vulnerable software. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
   
The third issue is reported to be a plaintext password information disclosure vulnerability. An attacker with the ability to sniff network traffic could capture user and SQL database credentials.
   
The fourth issue is reported to be an administrative login authentication bypass vulnerability. An attacker with a regular user account on the application can gain administrative access.
   
MapInfo Discovery versions 1.0 and 1.1 are reported susceptible to these vulnerabilities.


http://www.example.com/midiscovery/asplib/MapPassword.asp?id=140&ps=0&Wrong=1