[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
- From: Daniel Clemens <daniel.clemens@xxxxxxxxxxxxxxxx>
- Date: Tue, 17 May 2011 17:49:15 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Packetninjas L.L.C
www.packetninjas.net
-= Security Advisory =-
Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
Release Date: unknown
Last Modified: 09/27/2010
Author: Daniel Clemens [daniel.clemens[at]packetninjas.net]
Application: Zeacom Chat Application <= 5.0 SP4
Severity:
Usage of weak Weak Session management exists within the Zeacom web-chat
application
enabling the bruteforce of the sessionid which can enable the hijacking
of anothers chat session.
The Zeacom application handles new sessions through a 10 character
string (JSESSIONID),
resulting in an effective 9 bit entropy level for session management.
The end result of an
attack would enable an attacker to hijack a session where private
information is revealed
within a chat session or a denial of service within the application
server resulting in
a complete crash of the application server. (Tomcat)
In most scenarios the application would crash locking the application
server.
Risk: Medium
Vendor Status: Zeacom
Vulnerability Reference: CVE-2010-0217
http://www.packetninjas.net/storage/advisories/Zeacom-CVE-2010-0217.txt
Overview:
Information provided from http://www.zeacom.com
"Zeacom is a leading provider of advanced Unified Communications solutions
that integrate
real-time communication tools such as presence information, contact routing,
conferencing,
chat and speech recognition with conventional tools such as voicemail, email
and fax."
During evaluation of a blackbox application assessment routine
application security checks were performed to test the strength of session
management within the Zeacom Chat application.
The Zeacom application handles new sessions through a 10 character string which
is a part of the JSESSIONID, which results in an effective 9 bit entropy level
for session management.
Proof of Concept:
By looking at the JSESSIONID, one is able to determine that it is trivial to
brute force the session
id (JSESSIONID) space.
Disclosure Timeline:
April 1st, 2010 - Initial Contact with Zeacom.
April 6th, 2010 - Zeacom acknowledges the receipt of the initial
communication.
April 20th, 2010 - Zeacom acknowledges that the version of Zeacom Chat server
affected is <= 5.0 SP4.
- Zeacom also states that they will not be
issuing a patch for customers running <= 5.0SP4
but will be moving clients to their new 5.1
release.
Recommendation:
- It is recommended to upgrade to the latest version of Zeacom Chat Server.
(Version 5.1 or greater)
CVE Information: CVE-2010-0217
| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850 | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"
-----BEGIN PGP SIGNATURE-----
iD8DBQFN0vtvlZy1vkUrR4MRAjx3AJ9k6Kj3Ih3LVjabVQE0E+DerZeG0wCfY0dI
lKUHztAtnNG6FH4ZphEl7Wc=
=aw+L
-----END PGP SIGNATURE-----