PT-2011-20: Authorization bypass vulnerability in OneOrZero AIMS Vulnerable softwareOneOrZero AIMS Version: 2.7.0 and earlier (possibly)Application link: http://www.oneorzero.com/ Severity levelSeverity level: High Impact: Authorization bypass Access Vector: Network exploitable CVSS v2: Base Score: 7.5 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)CVE: not assignedSoftware descriptionOneOrZero AIMS is a powerful enterprise ready suite that includes a help desk, knowledge base, time manager and reporting system supported by a highly configurable and extensible Action & Information Management System that allows you to 'build your own system' on the fly. Vulnerability descriptionPositive Research Center has discovered authorization bypass vulnerability in OneOrZero AIMS. Vulnerability exists due incorrect logic of authorization using $_COOKIE variables - predictable session value, stored in $_COOKIE['oozimsrememberme'] variable. Attacker, have valid username which registered in system, can generate session and bypass authorization.How to fixReview algorithm of authorization with $_COOKIE['oozimsrememberme'] variable and add some logic to associate this variable with password.Advisory status08.07.2011 - Vendor is notified 23.08.2011 - Vulnerability details were sent to CERT 19.10.2011 - Public disclosure CreditsThe vulnerability was detected by Yuri Goltsev, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2011-20 http://www.kb.cert.org/vuls/id/800227Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/advisory1.aspx http://en.securitylab.ru/lab/
