header-logo
Suggest Exploit
vendor:
cosign
by:
7.5
CVSS
HIGH
Authentication Bypass
CWE
Product Name: cosign
Affected Version From: Prior to 1.9.4b and 2.0.2a
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Authentication Bypass in cosign Application

The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23422/info

The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer.

Versions prior to 1.9.4b and 2.0.2a are vulnerable. 

cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y

Navigation

Suggest Exploit

Services By CQR