CVE-2002-0903
CVSS7.5
Published: 2002-10-04 00:00:00
Last modified: 2008-09-05 16:29:15
NMCOS    

[Original] register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user IDs, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.


[CNNVD] WoltLab Burning Board Predictable Account Activation String Vulnerability (CNNVD-200210-162)

        
        WoltLab Burning Board is a free web-based forum application written in PHP with MySQL.
        WoltLab Burning Board has a flaw in its account activation handling that lets a remote attacker activate an account by submitting an activation URL request.
        When a user creates a new account on a WoltLab Burning Board forum, they receive a link that must be clicked to activate the new account. This link uses a guessable format, so an attacker can activate other users' accounts by submitting similar activation link requests.
        

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance may degrade or access to resources may be interrupted]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0903
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0903
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-162
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/4859
(VENDOR_ADVISORY)  BID  4859
http://www.iss.net/security_center/static/9177.php
(VENDOR_ADVISORY)  XF  burningboard-bbs-account-hijacking(9177)
http://online.securityfocus.com/archive/1/274269
(UNKNOWN)  BUGTRAQ  20020526 wbbboard 1.1.1 registration _new_users_vulnerability_

- Vulnerability information

WoltLab Burning Board Predictable Account Activation String Vulnerability
High risk  Design error
2002-10-04 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Temporary workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Use rand() or md5(uniqid(rand(),1)) when creating users.
        Vendor patch:
        Woltlab
        -------
        The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version:

        http://www.woltlab.de/en/projects.php?id=1

- Vulnerability information

12893
WoltLab Burning Board register.php Predictable User ID Generation
Remote / Network Access

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-05-26 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Discovered by

Unknown or Incomplete

- Vulnerability information

WoltLab Burning Board Predictable Account Activation String Vulnerability
Design Error 4859
Yes No
2002-05-27 12:00:00 2009-07-11 01:56:00
Discovery is credited to SeazoN <seazon@dnestr.com>.

- Affected software versions

Woltlab Burning Board 1.1.1

- Discussion

WoltLab Burning Board is a free web-based bulletin board package based on PHP and MySQL.

It is possible to hijack an account that has not yet been activated. When a user creates a new account on a Burning Board forum, they will be presented with a link which they must click in order to activate their account. The link generated by Burning Board uses a predictable format which can be duplicated so that the account is activated by someone other than the user.

- Exploit

This vulnerability can be exploited with a web browser.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- References

 

 
