Date: Fri, 7 Jun 2013 09:46:52 -0300 From: Felipe Pena <felipensp@...il.com> To: oss-security@...ts.openwall.com Subject: Broken authentication on Monkey HTTPD Auth plugin I've found an issue in the way as Monkey HTTPD Auth login performs authentication: CVE-2013-2159 - Broken username checking on Auth plugin Due strncmp() misuse the username checking phase was matching different usernames when checking N initial bytes from username list. $ ./mk_passwd -c -b ../plugins/auth/users.mk felipe123 bar [+] Adding user felipe123 $ ./mk_passwd -b ../plugins/auth/users.mk felipe foo [+] Adding user felipe On this scenario, we only manage to log in with 'felipe' username using 'bar' as password, since the strncmp() was using the first 6 bytes to match the usernames. The bug has been fixed, more details at http://bugs.monkey-project.com/ticket/183 -- Regards, Felipe Pena
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.