Keene Digital Media Server prior 1.0.3 Adminsitrative Authentication Bypass 1.2
 
Plugin ID: 183
Plugin name: Keene Digital Media Server prior 1.0.3 Adminsitrative Authentication Bypass
Plugin filename: Keene Digital Media Server prior 1.0.3 Adminsitrative Authentication Bypass.plugin
Plugin filesize: 3185 bytes
Plugin family: HTTP
Plugin created name: Nico 'Triplex' Spicher
Plugin created email: Triplex at IT-Helpnet dot de
Plugin created web: http://triplex.it-helpnet.de/
Plugin created company: http://www.it-helpnet.de/
Plugin created date: 2004/09/07
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 1.2
Plugin changelog: Made some slight modifications in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2
Plugin protocol: tcp
Plugin port: 8080
Plugin procedure detection: open|send GET /dms/adminusers.kspx HTTP/1.0\n\n|sleep|close|pattern_exists 200
Plugin detection accuracy: 85
Plugin comment: This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de].
Bug published name: Ziv Kamir
Bug published email: vulncode at yahoo dot com
Bug published date: 2004/08/12
Bug advisory: http://secunia.com/advisories/12272
Bug affected: Keene Digital Media Server 1.0.2 and 1.0.3
Bug not affected: Keene Digital Media Server 1.0.4 and newer
Bug vulnerability class: Configuration
Bug description: Keene Digital Media Server contains a flaw that may allow a malicious user to bypass the authentication used to protect the adminusers.kspx page. The issue is triggered when a malicious user accesses the /dms/adminusers.kspx script directly. It is possible that the flaw allows the malicious user to read and change administrative options, resulting in a loss of integrity.
Bug solution: Secure the file with htaccess or something similar and upgrade Keene Digital Media Server to 1.0.4 or newer. Also limit unwanted connections and communications with firewalling if possible.
Bug fixing time: Approx. 30 minutes
Bug exploit availability: Yes
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 3
Bug simplicity: 7
Bug impact: 8
Bug risk: 5
Source OSVDB ID: 8593
Source Secunia ID: 12272
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.