I should have detect this! Find enclosed an nasl file to use with nessus scanner. david
What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials. The application believes that if it is passed the following headers in an HTTP request, then it is a trusted request: User-Agent: Ipswitch/1.0 User-Application: NmConsole These headers can be easily spoofed. An easy way to accomplish the spoof is to use a webproxy such as webscarab (see owasp.org). I have put a more detailed text file here: http://www.ftusecurity.com/pub/whatsup.public.pdf I contacted IPSwitch. They said the issue would be fixed in the next release. I followed up twice to find a status and did not receive a reply. Since the release of some What's Up Professional vulnerabilities recently -- see: http://www.securityfocus.com/archive/1/433808 -- I decided to release this information. I've been burned in the past by reporting vulnerabilities responsibly to vendors, someone else irresponsibly discloses the issue publicly before the fix is released and the company does not credit me with the initial report. Sincerely, Kenneth F. Belva, CISSP http://www.ftusecurity.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Attachment:
ipswitch_auth_bypass.nasl
Description: Binary data