OSVDB ID: 86407

Title: Videosmate Organizer admin/admin.php Client Side JavaScript Authentication Bypass

Info

Disclosure

Oct 16, 2012

Discovery

Unknown

Dates

Exploit

Oct 16, 2012

Solution

Unknown

Description

Videosmate Organizer contains a flaw that is triggered by the admin/admin.php script requiring client side javascript authentication. This may allow a remote attacker to manipulate authentication data on the client side to bypass authentication and login as an administrative user.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

IW Technologies LLC

Videosmate Organizer

4.2

References

Secunia Advisory ID: 50934
Packet Storm: http://packetstormsecurity.org/files/117421/Videosmate-Organizer-4.2-Authentication-Bypass-Path-Disclosure.html
Vendor URL: http://videosmate.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86407