[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    APC Management Vulnerability
From:       garys () totalserversolutions ! com
Date:       2007-11-29 14:41:38
Message-ID: 20071129144138.31239.qmail () securityfocus ! com
[Download RAW message or body]

We have found a security exploit in the latest APC firmware versions for there \
switched rack PDU products. We have only tested this against the version listed below \
on a AP7932 0u 30amp PDU.

Name: 	rpdu
Version: 	v3.5.5
Date: 	07/18/2007
Time: 	11:38:29

Name: 	aos
Version: 	v3.5.6
Date: 	07/18/2007
Time: 	10:24:55
Date Reported to APC: 11-28-2007

Discovered by: 
Gary Simat of Total Server Solutions LLC
Randy Kent of Sevaa Group Inc

Steps to reproduce:
1) login to the APC as a user from computer 1
2) Then attempt to login from another computer (we will call this computer 2), the \
User Name and Password will not be editable, so just click Log On. It will say \
someone is already logged in. leave this page up. 3) logout of computer 1
4) simply hit refresh on computer 2 and select to resend the headers. you will be \
logged in as the previously authenticated user.


[prev in list] [next in list] [prev in thread] [next in thread]