'[FD] CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privil'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privil
From:       Jing Wang <justqdjing () gmail ! com>
Date:       2014-12-09 13:35:26
Message-ID: CAFWG0-gXM62LY-NBBe21kXOHn0tJ3K0w3aMgNi5iwVpwvavkWw () mail ! gmail ! com
[Download RAW message or body]

*CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints"
Dest Redirect Privilege Escalation Security Vulnerability*

Exploit Title: "Ping Identity Corporation" "PingFederate 6.10.1 SP
Endpoints" Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: URL Redirection to Untrusted Site  [CWE-601]
CVE Reference: CVE-2014-8489
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Credit: Wang Jing [SPMS, Nanyang Technological University, Singapore]

*Advisory Details*

*(1) Product:*
"PingFederate is a best-of-breed Internet-identity security platform that
implements multiple standards-based protocols to provide cross-domain
single sign-on (SSO) and user-attribute exchange, as well as support for
identity-enabled Web Services and cross-domain user provisioning."

*(2) Vulnerability Details:*
PingFederate 6.10.1 SP Endpoints is vulnerable to Dest Redirect Privilege
Escalation attacks.

The security vulnerability occurs at "/startSSO.ping?" page with
"&TargetResource" parameter.

*References:*
http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/
 http://documentation.pingidentity.com/display/PF610/PingFederate+6.10
http://cwe.mitre.org
http://cve.mitre.org/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[prev in list] [next in list] [prev in thread] [next in thread] 