| VID | 21488 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The CitrusDB software appears to be vulnerable to an authentication bypass. CitrusDB is an open-source customer database application that uses PHP and a database backend (currently MySQL). CitrusDB versions 0.3.6 and earlier are vulnerable because the application uses a static value when it creates the user cookie information: it generates an easily predictable MD5 hash of the user name for the id_hash cookie. A remote attacker can bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
* References: http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-002 http://seclists.org/lists/fulldisclosure/2005/Feb/0370.html
* Platforms Affected: SourceForge.net, CitrusDB versions 0.3.6 and earlier; any operating system, any version |
| Recommendation | No upgrade or patch available as of March 2005. As a workaround, change '$hidden_hash_var' in '/citrusdb/include/user.inc.php' to a value other than 'boogaadeeboo'. |
| Related URL | CVE-2005-0408 (CVE) |
| Related URL | 12560 (SecurityFocus) |
| Related URL | (ISS) |
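The cookie derivation described in this entry, shown next to a hardened replacement, as an added PHP example that is not CitrusDB code and not part of the original advisory. The function and class names, the concatenation order, and the in-memory array standing in for a sessions table are assumptions; note that changing the static string, as in the workaround, still leaves the cookie a fixed function of the user name, which a random per-login token avoids.

```php
<?php
declare(strict_types=1);

// Added illustration, not CitrusDB source. All names here are hypothetical.
// Pattern from the description: the cookie depends only on the user name and a
// constant shipped with every install. Concatenation order is an assumption.
function weak_id_hash(string $user, string $static = 'boogaadeeboo'): string
{
    return md5($user . $static);
}

// Replacement design: a random token per login, looked up server-side.
// The array stands in for a sessions table; only a hash of the token is stored.
final class SessionStore
{
    private array $rows = [];

    public function issue(string $user, int $ttl = 1800): string
    {
        $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = ['user' => $user, 'exp' => time() + $ttl];
        return $token;                        // value to place in the cookie
    }

    public function verify(string $token): ?string
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null || $row['exp'] < time()) {
            unset($this->rows[$key]);         // drop expired entries
            return null;
        }
        return $row['user'];
    }
}

// Constructed demo values.
$store = new SessionStore();
$first = $store->issue('alice');
$second = $store->issue('alice');

var_dump(weak_id_hash('alice') === weak_id_hash('alice')); // weak value is a pure function of the user name
var_dump($first !== $second);                              // every login gets its own token
var_dump($store->verify($first));                          // issued token maps back to its user
var_dump($store->verify(weak_id_hash('alice')));           // a derived value is not a known session
```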