Authentication Bypass Vulnerability in IBM OmniFind Enterprise Edition
CVE-2010-3898

Currently unrated

Key Information:

Vendor: IBM
Status
Vendor
CVE Published: 12 November 2010

Summary

IBM OmniFind Enterprise Edition versions 8.x and 9.x contain a flaw that allows remote attackers to bypass administrator authentication. The flaw arises because the cookie path for administrator cookies (known as ESAdmin) is not properly restricted. Attackers who gain access to other pages of the affected web application may exploit this vulnerability to authenticate as administrators without proper authorization, thereby compromising the security of the system.
