CVE-2006-2918
CVSS5.0
发布时间 :2006-06-23 17:06:00
修订时间 :2011-06-20 00:00:00
NMCOPS    

[原文]The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."


[CNNVD]Lanap BotDetect APS.NET CAPTCHA组件 访问验证错误漏洞(CNNVD-200606-481)

        Lanap BotDetect APS.NET CAPTCHA组件1.5.4.0之前版本将CAPTCHA的UUID和散列储存在页面的ViewState中,远程攻击者通过"未知次数的ViewState重放"来进行自动攻击。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-264 [权限、特权与访问控制]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2918
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2918
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-481
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/18315
(PATCH)  BID  18315
http://www.securityfocus.com/archive/1/archive/1/438159/100/0/threaded
(PATCH)  BUGTRAQ  20060622 SYMSA-2006-005
http://xforce.iss.net/xforce/xfdb/27409
(UNKNOWN)  XF  lanap-botdetect-captcha-security-bypass(27409)
http://www.vupen.com/english/advisories/2006/2518
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2518
http://www.symantec.com/enterprise/research/SYMSA-2006-005.txt
(UNKNOWN)  CONFIRM  http://www.symantec.com/enterprise/research/SYMSA-2006-005.txt
http://securitytracker.com/id?1016371
(UNKNOWN)  SECTRACK  1016371
http://securityreason.com/securityalert/1139
(UNKNOWN)  SREASON  1139
http://secunia.com/advisories/20830
(VENDOR_ADVISORY)  SECUNIA  20830

- 漏洞信息

Lanap BotDetect APS.NET CAPTCHA组件 访问验证错误漏洞
中危 访问验证错误
2006-06-23 00:00:00 2006-06-30 00:00:00
远程  
        Lanap BotDetect APS.NET CAPTCHA组件1.5.4.0之前版本将CAPTCHA的UUID和散列储存在页面的ViewState中,远程攻击者通过"未知次数的ViewState重放"来进行自动攻击。

- 公告与补丁

        厂商已发布1.5.4.0版本的BotDetect CAPTCHA ASP.NET来解决此问题。

- 漏洞信息 (F47765)

SYMSA-2006-005.txt (PacketStormID:F47765)
2006-06-27 00:00:00
Symantec  symantec.com
advisory,asp
CVE-2006-2918
[点击下载]

Symantec Vulnerability Research Security Advisory SYMSA-2006-005 - The CAPTCHA component for ASP.NET provided by Lanap may be completely bypassed, thus undermining the security benefit of the CAPTCHA technology.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Symantec Vulnerability Research

http://www.symantec.com/research
Security Advisory

Advisory ID   : SYMSA-2006-005
Advisory Title: Lanap CAPTCHA bypass exposure
Author        : Michael White, michael_white@symantec.com and
		Graham Murphy, graham_murphy@symantec.com
Release Date  : 23-06-2006
Application   : BotDetect Lanap CAPTCHA component
Platform      : ASP.NET
Severity      : Low/Limited exposure
Vendor status : Vendor verified, patch available
CVE Number    : CVE-2006-2918
Reference     : http://www.securityfocus.com/bid/18315


Overview:

	The CAPTCHA component for ASP.NET provided by Lanap may be
	completely bypassed, thus undermining the security benefit
	of the CAPTCHA technology.


Details:

	During a consulting engagement, Symantec identified that the
	Lanap CAPTCHA component stores the UUID and hash for a given
	CAPTCHA within the page ViewState. By replaying the ViewState
	for a known number, a remote attacker may avoid the CAPTCHA
	entirely.

	This behaviour is dependent on the way in which the Lanap
	component is integrated, however numerous examples including
	Lanap's demo code are identified as exhibiting this behaviour.


Vendor Response:

	The above vulnerability has been fixed in the latest release
	of the product, BotDetect ASP.NET CAPTCHA 1.5.4.0.

	Licensed and evaluation versions of Lanap BotDetect ASP.NET
	CAPTCHA	are available for customer download from the Lanap
	website at http://www.lanapsoft.com

	If there are any further questions about this statement, please
	contact Lanap support.

Recommendation:

	Upgrade to the latest release of the product,
	BotDetect ASP.NET CAPTCHA 1.5.4.0.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.


  CVE-2006-2918

- - - - -------Symantec Vulnerability Research Advisory Information-------

For questions about this advisory, or to report an error:
research@symantec.com

For details on Symantec's Vulnerability Reporting Policy:
http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive:
http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key:
http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc

- - - - -------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com

For general information on Symantec's Product Vulnerability reporting and response:
http://www.symantec.com/security/

Symantec Product Advisory Archive:
http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key:
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

- - - - ---------------------------------------------------------------

Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert electronically is granted
as long as it is not edited in any way unless authorized by
Symantec Consulting Services. Reprinting the whole or part of
this alert in any medium other than electronically requires
permission from cs_advisories@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate
at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an
AS IS condition. There are no warranties with regard to this
information.
Neither the author nor the publisher accepts any liability
for any direct, indirect, or consequential loss or damage
arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services
are registered trademarks of Symantec Corp. and/or affiliated
companies in the United States and other countries. All other
registered and unregistered trademarks represented in this
document are the sole property of their respective
companies/owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEmZKGuk7IIFI45IARAshOAJ9/x0C9NsmCuo43amlpnOAGKtonPgCg2XPQ
dBEH77ubEwyEjWGaFiTt4bw=
=QhH/
-----END PGP SIGNATURE-----
    

- 漏洞信息

26812
Lanap BotDetect ASP.NET CAPTCHA ViewState Bypass

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-06-23 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Lanap BotDetect CAPTCHA ASP.NET Bypass Weakness
Access Validation Error 18315
Yes No
2006-06-23 12:00:00 2006-06-23 08:25:00
Michael White <michael_white@symantec.com> and Graham Murphy <graham_murphy@symantec.com> are credited with the discovery of this issue.

- 受影响的程序版本

Lanap BotDetect CAPTCHA ASP.NET 0
Lanap BotDetect CAPTCHA ASP.NET 1.5.4 .0

- 不受影响的程序版本

Lanap BotDetect CAPTCHA ASP.NET 1.5.4 .0

- 漏洞讨论

Lanap BotDetect is prone to a weakness that may allow attackers to bypass the CAPTCHA mechanism.

Exploiting this issue may aid malicious users in further attacks. The specific impact of exploiting this issue depends on the particular service that the software is employed to protect.

BotDetect CAPTCHA ASP.NET versions prior to 1.5.4.0 are affected by this issue.

- 漏洞利用

Attackers use standard network utilities to exploit this issue.

- 解决方案

The vendor has released version 1.5.4.0 of BotDetect CAPTCHA ASP.NET to address this issue.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站