<<< Date Index >>>     <<< Thread Index >>>

Chetcpasswd 2.x: multiple vulnerabilities



>From Debian.org:

"chetpasswd uses the HTTP_X_FORWARDED_FOR for authentication purposes(...). 
Obviously, HTTP_X_FORWARDED_FOR is not a trusted variable, and can be spoofed 
by any scriptkiddie who can read the man page of wget (...).

Furthermore, this cgi script doesn't seem to implement any rate limiting for 
the passwd checks, thereby  allowing for a dictionary attack via http.  Also, 
it seems to give different a error message if the user is not found then if the 
entered password is wrong, thereby exposing the names of user accounts to 
external attackers (...)."

The original message and others are available at 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454