On Tue, 20 Sep 2011 12:18:43 +1000, Lists said:
> Basic authentication is used as the primary and only authentication
> mechanism for the administrator interface on the device. The basic
> authentication can be bypassed by sending a valid POST request to the
> device without sending any authentication header. The response from the
> device sends the user to another page that requests basic
> authentication, however at this point the request has already been
> processed.
The.. request.. has.. already.. been.. processed. *facepalm*. ;)
The most obvious way to screw this up:
if (request_not_validated())
send_error_page();
else
execute_request();
and somebody forgot the 'else', making the execute a fall-through.
But how does something like that slip through basic testing?
Attachment:
pgpHPVeU4rnJZ.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/