OSVDB ID: 25081

Title: Basic Analysis and Security Engine (BASE) Cookie Authentication Bypass

Dates

Disclosure: Apr 20, 2006
Discovery: Apr 20, 2006
Exploit: Apr 20, 2006
Solution: Unknown

Description

Basic Analysis and Security Engine (BASE) contains a flaw that may allow a malicious user to gain admin privileges without authentication. The issue is triggered when sending a specially crafted cookie. It is possible that the flaw may allow unauthorized administrative access resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to the CVS version or to version 1.2.5 (sarah) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Kevin Johnson

Basic Analysis and Security Engine (BASE)

1.1 (elizabeth)
1.1.2 (zora)
1.1.3 (lynn)
1.1.4 (cheryl)
1.2.0 (betty)
1.2.1 (kris)
1.2.2 (cindy)
1.2.4 (melissa)

References

Credit

  • Nikns Siankin - nikns@secure.lv - BASE+


Direct URL: http://osvdb.org/36218