Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - OTRS: privilege elevation via iPhoneHandle

August 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker, who is authenticated on the OTRS iPhoneHandle interface, can alter OTRS objects.

Severity: 2/4

Creation date: 18/07/2011

IMPACTED PRODUCTS

- OTRS

DESCRIPTION OF THE VULNERABILITY

The OTRS iPhoneHandle interface can be used by an administrator to connect to OTRS, via a phone.

However, the CGI iPhoneHandle/bin/cgi-bin/json.pl script, and the iPhoneHandle/Kernel/System/iPhone.pm kernel do not limit the access to OTRS objects.

An attacker, who is authenticated on the OTRS iPhoneHandle interface, can therefore alter OTRS objects.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/O...




See previous articles

    

See next articles