
List:       bugtraq
Subject:    FAA US Academy (AFS) - Auth Bypass Vulnerability
From:       "research@vulnerability-lab.com" <research@vulnerability-lab.com>
Date:       2012-01-28 12:44:45
Message-ID: 4F23EDBD.20601@vulnerability-lab.com

Title:
======
FAA US Academy (AFS) - Auth Bypass Vulnerability


Date:
=====
2012-01-28


References:
===========
http://vulnerability-lab.com/get_content.php?id=171


VL-ID:
=====
171


Introduction:
=============
This is a FAA computer system. FAA computer systems are provided for the processing
of Official U.S. Government information only. All data contained on FAA computer
systems is owned by the FAA and may be monitored, intercepted, recorded, read, copied,
or captured in any manner and disclosed in any manner, by authorized personnel. THERE
IS NO RIGHT OF PRIVACY IN THIS SYSTEM. System personnel may give to law enforcement
officials any potential evidence of crime found on FAA computer systems. USE OF THIS
SYSTEM BY ANY USER, AUTHORIZED OR UNAUTHORIZED, CONSTITUTES CONSENT TO THIS
MONITORING, INTERCEPTION, RECORDING, READING, COPYING, OR CAPTURING and DISCLOSURE.

(Copy of the Vendor Homepage: http://www.faa.gov/afs650/)


Abstract:
=========
An anonymous Vulnerability-Laboratory researcher/analyst discovered an authentication
bypass vulnerability in the AFS application of the Federal Aviation Administration
Academy.



Report-Timeline:
================
2011-02-07:	Vendor Notification 1
2011-03-23:	Vendor Notification 2
2011-07-19:	Vendor Notification 3
2011-**-**:	Vendor Response/Feedback
2011-**-**:	Vendor Fix/Patch 
2012-01-28:	Public or Non-Public Disclosure


Status:
========
Published


Affected Products:
==================

Exploitation-Technique:
=======================
Remote


Severity:
=========
Critical


Details:
========
An authentication bypass vulnerability has been detected in the FAA AFS Evaluation
Application System. The bug is located in the login form, which allows a remote
attacker to bypass authentication without valid credentials. Successful exploitation
can result in compromise of the DBMS and the academy website via injection.

Vulnerable Module(s):
    [+] Login - All Forms

Affected Version(s):
    FAA AFS-300 Aircraft Maintenance Division
    FAA AFS-630 Customer Satisfaction Survey
    FAA AFS-640 Course Evaluation
    FAA AFS-650 Evaluation System
    ---> AFS-630, AFS-640 & AFS-650


Proof of Concept:
=================
The auth bypass vulnerability can be exploited by remote attackers. For demonstration
...

Username:    'or 1=1--
Password:    'or 1=1--

Reference(s):
    http://www.xxx.faa.gov/afs650/admin/
    http://www.xxx.faa.gov/afs640/admin/
    http://www.xxx.faa.gov/afs630/admin/
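As an added illustration (not code from the advisory, from the FAA, or from Vulnerability-Lab), the following Python snippet shows how a login query assembled by string concatenation accepts the `'or 1=1--` credentials above, while the same check with bound parameters rejects them and still accepts real credentials. The user table, the sample credentials, the query shape and the log-triage helper are assumptions; the advisory does not show the server-side code.

```python
import sqlite3

# Constructed sample user table; 'admin' / 'correct-horse' are made-up
# credentials unrelated to the FAA systems in the advisory. Passwords are
# kept in plain text only so the injected statement stays readable; a real
# application stores salted hashes.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Assumed shape of the broken check: user input spliced into SQL text.

    With both fields set to 'or 1=1-- the statement becomes
        ... WHERE username = ''or 1=1--' AND password = ''or 1=1--'
    so 'or 1=1' makes the predicate true and -- comments out the rest.
    """
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None

def login_fixed(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

def contains_tautology_marker(value):
    """Crude triage check for the payload family in the advisory, meant for
    scanning existing request logs for attempts; not a substitute for fixing
    the query. Flags a quote followed by 'or' together with a comment marker."""
    v = value.lower().replace(" ", "")
    return "'or" in v and ("--" in v or "#" in v or "/*" in v)

if __name__ == "__main__":
    db = build_db()
    payload = "'or 1=1--"
    print("vulnerable form accepts payload:", login_vulnerable(db, payload, payload))
    print("fixed form accepts payload:     ", login_fixed(db, payload, payload))
    print("fixed form accepts real creds:  ", login_fixed(db, "admin", "correct-horse"))
```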


Note:
Remember that it is forbidden by law to access or attack the FAA computer system! We
only analysed a submission.


Risk:
=====
The security risk of the auth bypass vulnerability is estimated as critical.


Credits:
========
Vulnerability Research Laboratory - N/A Anonymous


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty.
Vulnerability-Lab disclaims all warranties, either expressed or implied, including
the warranties of merchantability and capability for a particular purpose.
Vulnerability-Lab or its suppliers are not liable in any case of damage, including
direct, indirect, incidental, consequential loss of business profits or special
damages, even if Vulnerability-Lab or its suppliers have been advised of the
possibility of such damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages so the foregoing limitation may
not apply. Any modified copy or reproduction, including partial usage, of this
file requires authorization from Vulnerability-Lab. Permission to electronically
redistribute this alert in its unmodified form is granted. All other rights,
including the use of other media, are reserved by Vulnerability-Lab or its
suppliers.

Copyright © 2012 | Vulnerability-Lab




-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com

