Bugtraq mailing list archives
Explanation Authentix Input Validation Error
From: Lisa Saarloos <lisa () MAGNASHOP NL>
Date: Tue, 7 Nov 2000 10:06:52 +0100
Hi there,

Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentication. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give them time to (among other things) create a part on their site explaining the issue. I was moderately satisfied with the explanation-on-their-site part, that way the details would be known anyway, though at a slower rate and everyone would be happy..

But I haven't heard from them since, and I couldn't find a reference to the issue on the site, and I still posted an incomplete advisory... I want to set that right. I agree with vulnhelp that details will be known eventually, and because the exploit is so very simple it can't take long, so why not share it right away, so we all know what's going on, and can act upon it...

Here goes:

As mentioned in the advisory (bugtraq-ID 1907), Authentix provides a way to protect pages from unauthorized views.. But by providing a specially formed URL you won't be prompted for your username and password.

Normally, after logging in, and after being redirected to your part of the site, the URL looks like this:

http://my.secured.server/protected-directory/filename.ext

By giving a URL in the form:

http://my.secured.server/protected-directory./filename.ext

(place a dot after the shielded directory AND provide a direct filename) there's a good chance you will be able to view the protected pages anyway. In most cases a filename isn't that hard to guess (index.html, default.htm, whatever), and with a little searching and guessing the name of the protected-directory can be found in the same way...

It seems it does not work for everything, for example, when I found out about this, images wouldn't show.. There seem to be some other limitations, but I could not fit them in a "general rule" so quickly..

Neither ASP nor this kind of Windows programming is in my expertise area, work/life goes on, and Flicks Software was very responsive at that time, so I didn't look into it any further...

Hope this makes it a little clearer...

with regards,

Lisa Saarloos
Beheer Magnashop International
beheer () magnashop nl
Zeestraat 78
2518 AD DEN HAAG
The Netherlands
+31 70 3604848
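Added example, not part of the original post and not Authentix code: a sketch of why a literal match on the requested path misses the dotted URL above, next to a check made on a canonical path. It assumes the cause is the Win32 rule that drops trailing periods from a path segment, which the post does not confirm; all function names and the `PROTECTED_DIRS` policy are hypothetical.

```python
import posixpath
from urllib.parse import unquote, urlsplit

PROTECTED_DIRS = {"/protected-directory"}  # constructed policy, lower-case


def naive_requires_login(url):
    """Literal prefix match on the raw path, with no normalisation."""
    path = urlsplit(url).path
    return any(path == d or path.startswith(d + "/") for d in PROTECTED_DIRS)


def canonical_path(url):
    """Conservative approximation of the name Windows will finally open."""
    path = unquote(urlsplit(url).path).replace("\\", "/")
    segments = []
    for seg in path.split("/"):
        if seg not in (".", ".."):
            seg = seg.rstrip(". ")  # trailing dots and spaces are dropped
        if seg:
            segments.append(seg.lower())  # NTFS lookups ignore case
    # normpath resolves any remaining "." and ".." segments
    return posixpath.normpath("/" + "/".join(segments))


def requires_login(url):
    """Same policy, applied to the canonical path instead of the raw one."""
    path = canonical_path(url)
    return any(path == d or path.startswith(d + "/") for d in PROTECTED_DIRS)


SAMPLES = [  # the two URLs from the post, plus one constructed public URL
    "http://my.secured.server/protected-directory/filename.ext",
    "http://my.secured.server/protected-directory./filename.ext",
    "http://my.secured.server/public/index.html",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u)
        print("  naive:", naive_requires_login(u), " canonical:", requires_login(u))
```

Over-stripping in `canonical_path` can only make more requests require a login, so the approximation fails closed.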