OSVDB ID: 5339

Title: HP AdvanceStack Hub Web Config Utility web_access.html Authentication Bypass

Info

Disclosure

Feb 08, 2002

Discovery

Unknown

Dates

Exploit

Feb 08, 2002

Solution

Unknown

Description

HP AdvanceStack hubs contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker bypasses the authentication in the 'web_access.html' administrative page by directly accessing the page. Successful exploitation allows an attacker to change the superuser password and thus able to gain full control of the affected device.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Third-party Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): 1. Disable web access using telnet or RS-232 interface 2. Remove the management IP address

Products

Hewlett-Packard Development Company, L.P.	J3210A	A.03.07
	J3200A	A.03.07
	J3201A	A.03.07
	J3202A	A.03.07
	J3203A	A.03.07
	J3204A	A.03.07
	J3205A	A.03.07

References

CVE ID: 2002-0250 (see also: NVD)
Exploit Database: 21285
Bugtraq ID: 4062
ISS X-Force ID: 8124
Vendor URL: http://itrc.hp.com
Other Advisory URL: http://www.securityfocus.com/advisories/3870
http://www.securityoffice.net/articles/hp/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/5339

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Hewlett-Packard Development Company, L.P.

J3210A

J3200A

J3201A

J3202A

J3203A

J3204A

J3205A

References

Credit