[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Officescan 5.5.6 authentication bug?

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Officescan 5.5.6 authentication bug?
From: "Casey Ellis" <casey@xxxxxxxxxxxxxxxx>
Date: Wed, 12 May 2004 09:23:43 +1000

Gentlemen,
 
Had a flash in the pan abnormality with an installation of Officescan.
 
Installed and configure as per normal with IIS frontend listening on TCP 80 
(standard configuration), when you configure it like this and hit the login 
screen with a web browser (I used IE6, and I believe it was a completely new 
session, the machine had been rebooted in betwenn the last legit authentication 
and this incident) there is an authentication field and another field for 
entering a serial number. 
 
On entry of the serial number it accepted but then proceeded to authenticate me 
and allow me into the console.
 
Has anyone/can anyone verify this/what could be causing it?
 
Regards,
Casey Ellis
Blue Cable Monkey

Prev by Date: Re: [Full-Disclosure] Wireless ISPs
Next by Date: Re: [Full-Disclosure] Wireless ISPs
Previous by thread: Re: [Full-Disclosure] removing sasser
Next by thread: [Full-Disclosure] Remote DoS IE Memory Access Violation (forwarded from bugtraq)
Index(es):
- Date
- Thread