Novell GroupWise WebAccess prior 6.5.3 about weak authentication 1.0
 
Plugin ID346
Plugin nameNovell GroupWise WebAccess prior 6.5.3 about weak authentication
Plugin filenameNovell GroupWise WebAccess prior 6.5.3 about weak authentication.plugin
Plugin filesize2989 bytes
Plugin familyCGI
Plugin created nameMarc Ruef
Plugin created emailmarc.ruef at computec.ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2004/12/09
Plugin version1.0
Plugin protocoltcp
Plugin port80
Plugin procedure exploitopen|send GET /servlet/webacc?error=about HTTP/1.0\n\n|close|pattern_exists HTTP/#.# ### *Program Release*
Plugin exploit accuracy99
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug published nameMarc Ruef
Bug published emailmarc.ruef at computec.ch
Bug published webhttp://www.computec.ch
Bug published companycomputec.ch
Bug published date2004/12/09
Bug produced nameNovell
Bug produced emailinfo at novell.com
Bug produced webhttp://www.novell.com
Bug affectedNovell GroupWise WebAccess prior 6.5.3
Bug not affectedNovell GroupWise WebAccess newer than 6.5.3 or other products
Bug vulnerability classWeak Authentication
Bug false positivesThese depends how Novell will fix this flaw.
Bug descriptionIt is possible to circumvent the login procedure. It is possible to specify the about template as error document with the $QUERY_STRING variant error. So it is possible to get the version of the installed GroupWise framework. This information may be useful to launch further attacks.
Bug solutionThe flaws may be patched with an upcoming bugfix or a new software release. As a workaround you should deny untrusted incoming connections to your WebAccess thru firewalling.
Bug fixing timeApprox. 30 minutes
Bug exploit availabilityYes
Bug exploit urlhttps://www.computec.ch/servlet/webacc?error=about
Bug remoteYes
Bug localYes
Bug severityHigh
Bug popularity6
Bug simplicity8
Bug impact7
Bug risk7
Source scipID1021
Source LiteratureHacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.http://developer.novell.com/ndk/doc/gwwbacc/index.html?page=/ndk/doc/gwwbacc/gwwebacc/data/a6l4t54.html

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.