Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: dpec-1.htm

DPEC's Online Courseware - change anyone's password without knowing old one!



Vulnerability

    Online Courseware

Affected

    Systems using DPEC's Online Courseware

Description

    Joel Knight found following.  DPEC's Online Courseware has a nasty
    bug  in  it  that  allows  anyone  to change anyone elses password
    without knowing  what their  current0 password  is.   This is  NOT
    limited to normal user accounts, but also to the admin account(s).
    When a  user logs  in for  the first  time, they  are required  to
    change their password.  User jblow goes to the main login page and
    enters his username and password.  The courseware sees that he  is
    a new user  and gives jblow  a second login  screen asking him  to
    verify his password; this is where the problem is.  The courseware
    puts the following tag into the verification page:

        <INPUT TYPE="hidden" NAME="firstpass">

    This  tag  basically  tells  the  courseware  "its  ok, change the
    current  password  to  what  the  user  enters  and  allow them to
    login  regardless  of   current  password  (if   any)".    Further
    inspection of the verification page will find the actual  password
    stored in an <INPUT> tag with the TYPE="hidden" attribute.  Simply
    by saving a copy of this verification page to your hard drive  and
    making  the  proper  modifications,  you  can gain (administrator)
    access to the courseware.

Solution

    In  DPEC's  latest  release,  this  problem  has  not  been fixed.
    Preventing unauthorized password changes:

        1) Use anonymous ftp to connect to teach.dpec.com.
        2) Switch to the /pub directory.
        3) Select  the appropriate  patch file  for your  OS from  the
           following list:

           aix_patch_990125.tar.gz
           bsdi_patch_990125.tar.gz
           digital_patch_990125.tar.gz
           hp-ux_patch_990125.tar.gz
           linux_patch_990125.tar.gz
           nt_patch_990125.zip
           solaris_patch_990125.tar.gz

        4) Fetch the appropriate patch file using binary ftp.
        5) Decompress and unpack the patch file.
        6) Consult the readme.txt file for installation instructions.

    This  fix  will  be  incorporated  into  future  versions  of  the
    courseware.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH