[38189] in bugtraq
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
daemon@ATHENA.MIT.EDU (CIRT Advisory)
Thu Jan 13 14:21:39 2005
From: "CIRT Advisory" <advisory@cirt.dk>
To: <bugtraq@securityfocus.com>
Date: Thu, 13 Jan 2005 19:45:53 +0100
Message-ID: <001201c4f9a0$1da47fe0$0201a8c0@CIRT>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
The web application are vulnerable to a replay attack, meaning that the
username and password are encrypted but there are not used any form of
timestamp to make this mechanism more advanced and secure.
If it is possible to sniff the traffic when a user login to the
administrative interface, it is possible to replay this sequence and get a
valid login session, with the rights of the user.
Vendors response to this was, it is a feature not a vulnerability and all
the others also have this problem.
Read the full advisory at http://www.cirt.dk/advisories/cirt-28-advisory.pdf
----------------------------------------------------------------------
Danish Incident Response Team
http://www.cirt.dk
----------------------------------------------------------------------
