OSVDB ID: 8593

Title: Keene Digital Media Server adminusers.kspx Adminsitrative Authentication Bypass

Info

Disclosure

Aug 12, 2004

Discovery

Unknown

Dates

Exploit

Aug 12, 2004

Solution

Unknown

Description

Keene Digital Media Server contains a flaw that may allow a malicious user to bypass authentication used to protect the adminusers.kspx page. The issue is triggered when a malicious user accesses the /dms/adminusers.kspx script directly. It is possible that the flaw may allow the malicious user the ability to read and change administrative options resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Keene Software Corporation	Digital Media Server	1.0.2
		1.0.4
		1.0.3

References

Secunia Advisory ID: 12272 12423
Related OSVDB ID: 8591 8592
Vendor URL: http://www.keenesoftware.com/html/dms.html

Credit

Ziv Kamir - vulncodeyahoo.com -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Keene Software Corporation

Digital Media Server

References

Credit