Info

Disclosure

Feb 08, 2004

Discovery

Feb 08, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

SandSurfer contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered by unspecified conditions. It is possible that the flaw may allow unauthorized login resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 1.7.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

PC & Web Xperience, Inc.	SandSurfer	1.6.2
		1.6.3
		1.6.4
		1.6.5

References

Secunia Advisory ID: 10829
CVE ID: 2004-2087 (see also: NVD)
Bugtraq ID: 9647
Vendor URL: http://freshmeat.net/projects/sandsurfer/
http://sandsurfer.sourceforge.net/
http://sourceforge.net/project/showfiles.php?group_id=31456

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3922

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

PC & Web Xperience, Inc.

SandSurfer

References

Credit