Vigil@nce: IBM WebSphere, authentication bypass
August 2008 by Vigil@nce
SYNTHESIS
An attacker can bypass authentication and obtain administrative
access.
Gravity: 3/4
Consequences: privileged access/rights
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 20/08/2008
Identifier: VIGILANCE-VUL-8041
IMPACTED PRODUCTS
– IBM WebSphere Application Server [confidential versions]
DESCRIPTION
IBM WebSphere Portal Server offers applications customized
according to user criteria.
Under certain conditions, an authentication problem can occur. The
problem involves all users and comes from the authorization and
authentication module (login/logout).
An attacker can therefore use this vulnerability to bypass
authentication and obtain administrative access.
CHARACTERISTICS
Identifiers: BID-30500, CVE-2008-3423, PK67104, VIGILANCE-VUL-8041