Info

Disclosure

May 29, 2012

Discovery

May 04, 2012

Dates

Exploit

Sep 14, 2012

Solution

Unknown

Description

iFOBS contains a flaw related to the /ifobsClient/loginlite.jsp and /ifobsClient/loginsecurity.jsp script. The login functionality fails to implement CAPTCHA or a similar anti-automation tool. This may allow an attacker to more easily conduct brute force attacks against a user's account.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

CS Ltd

iFOBS

2.1.5.8.11

References

Related OSVDB ID: 85705
Other Advisory URL: http://websecurity.com.ua/5852/
Vendor URL: https://www.csltd.com.ua/en/our-products/for-banking/ifobs.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85706