[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Authentication bypass in D-Link devices (session cookies not validated)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Authentication bypass in D-Link devices (session cookies not validated)
From: doylej.ia@xxxxxxxxxxxxxxxxxxxxxxx
Date: Mon, 8 Jul 2013 16:07:39 GMT

Vendor: D-Link
Affected Products:
-DIR-505L SharePort Mobile Companion (HW: A1 / FW: 1.01)
-DIR-826L Wireless N600 Cloud Router (HW: A1 / FW: 1.02)
Vendor Notification: April 8, 2013
Public Disclosure: July 8, 2013
Vulnerability Type: Authentication Bypass
CVE Reference: CVE-2013-4772
Solution Status: Not Fixed
Credit: Jason Doyle / tw: jasond0yle

Advisory Details:
It is possible to bypass authentication to gain administrator level access to 
the web management console by navigating directly to any web page while a 
legitimate session is still active. During this window of opportunity, session 
cookies are not validated and an attacker with or without a session cookie can 
gain unfettered access to view and change all configurable settings on the 
device, including the addition / modification of user accounts for persistent 
access. This is not possible once a legitimate session has expired.

Prev by Date: ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability
Next by Date: Re: OS-Command Injection via UPnP Interface in multiple D-Link devices
Previous by thread: ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability
Next by thread: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
Index(es):
- Date
- Thread