Message-ID: <CA+5g0SKGCDiYrAD_K_jghz043w4FejkGZOZxPmKdAqVFeSFMKQ@mail.gmail.com>
Date: Fri, 7 Jun 2013 09:46:52 -0300
From: Felipe Pena <felipensp@...il.com>
To: oss-security@...ts.openwall.com
Subject: Broken authentication on Monkey HTTPD Auth plugin

I've found an issue in the way Monkey HTTPD Auth login performs
authentication:

CVE-2013-2159 - Broken username checking on Auth plugin

Due to strncmp() misuse, the username checking phase was matching different
usernames when checking the N initial bytes from the username list.

$ ./mk_passwd -c -b ../plugins/auth/users.mk felipe123 bar
[+] Adding user felipe123
$ ./mk_passwd -b ../plugins/auth/users.mk felipe foo
[+] Adding user felipe

In this scenario, we only manage to log in with the 'felipe' username using
'bar' as the password, since the strncmp() was using the first 6 bytes to match
the usernames.

The bug has been fixed; more details at
http://bugs.monkey-project.com/ticket/183

-- 
Regards,
Felipe Pena
