SecurityHome.eu Security vulnerability: DOINGSOFT-ipdiva.txt

Home / vulnerabilities PDF

DOINGSOFT-ipdiva.txt
Posted on 15 February 2008
Source : packetstormsecurity.org Link

ID : DOINGSOFT-2008-02-11-001

Discovered : 15/10/2007
-----------------
Corrected : 15/11/2007
----------------
Publication :11/02/2008
----------------
Affected Software : IPDiva VPNSSL
Versions :
Users who autenticate with login et passwd without OTP systems
* 2.2 branch < 2.2.8.84
* 2.3 branch < 2.3.2.14
-------------------
Vulnerability : Brute force attack

Description :
The IPDiva Mediation server suffer of cookie exploitation
vulnerability. A mecanism of limitation after a number of bad login/
passwd exist based on a cookie. When the cookie is null, the account
is blocked. With the modification of the cookie to a value like 4242,
we can try a unlimited number of connection if the cookie is resetted
when it reached 2

TOP

Malware :

Backdoor.WinCE.Brador.A
WinCE.Dust.A
Backdoor:WinCE/PhoneCreeper.A
Dialer:WinCE/Terdial.A
Trojan:WinCE/Terdial

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20