Exploit Apache Mod_Auth_OpenID - Session Stealing

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
18917
Проверка EDB
  1. Пройдено
Автор
PETER ELLEHAUGE
Тип уязвимости
LOCAL
Платформа
LINUX
CVE
cve-2012-2760
Дата публикации
2012-05-24
Код:
https://github.com/paranoid/mod_auth_openid/blob/master/CVE-2012-2760.markdown


# Security Advisory 1201
    Summary           : Session stealing
    Date              : May 2012
    Affected versions : all versions prior to mod_auth_openid-0.7
    ID                : mod_auth_openid-1201
    CVE reference     : CVE-2012-2760

# Details
Session ids are stored insecurely in /tmp/mod_auth_openid.db (default
filename). The db is world readable and the session ids are stored
unencrypted.

# Impact
If a user has access to the filesystem on the mod_auth_openid server,
they can steal all of the current openid authenticated sessions

# Workarounds
A quick improvement of the situation is to chmod 0400 the DB file.
Default location is /tmp/mod_auth_openid.db unless another location
has been configured in AuthOpenIDDBLocation.

# Solution
Upgrade to mod_auth_openid-0.7 or later:
http://findingscience.com/mod_auth_openid/releases

# Credits
This vulnerability was reported by Peter Ellehauge, ptr at groupon dot
com. Fixed by Brian Muller bmuller at gmail dot com

# References
mod_auth_openid project: http://findingscience.com/mod_auth_openid/

# History
15 May 2012
Discovered the vulnerability. Created private patch.

16 May 2012
Notified maintainer.
Obtained CVE-id

22 May 2012
Fixed by Brian Muller (bmuller at gmail dot com) in
mod_auth_openid-0.7 -
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog

-- 
ptr
 
Источник
www.exploit-db.com

Похожие темы