Vulnerabilities > CVE-2002-0236 - Authentication Bypass vulnerability in Lucent VitalNet Password

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

lucent

nessus

exploit available

NVD

Published: 2002-05-29

Updated: 2016-10-18

Summary

Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.

Vulnerable Configurations

Part	Description	Count
Application	Lucent Lucent Vitalanalysis 8.0 Lucent Vitalanalysis 8.1 Lucent Vitalanalysis 8.2 Lucent Vitalevent 8.0 Lucent Vitalevent 8.1 Lucent Vitalevent 8.2 Lucent Vitalhelp 8.0 Lucent Vitalhelp 8.1 Lucent Vitalhelp 8.2 Lucent Vitalnet 8.0 Lucent Vitalnet 8.1 Lucent Vitalnet 8.2 Lucent Vitalsuite 8.0 Lucent Vitalsuite 8.1 Lucent Vitalsuite 8.2	15

Exploit-Db

description	Lucent 8.x VitalNet Password Authentication Bypass Vulnerability. CVE-2002-0236. Remote exploit for windows platform
id	EDB-ID:21203
last seen	2016-02-02
modified	2002-01-16
published	2002-01-16
reporter	Mark Cooper
source	https://www.exploit-db.com/download/21203/
title	Lucent 8.x VitalNet Password Authentication Bypass Vulnerability

Nessus

NASL family	CGI abuses
NASL id	VSSETCOOKIE.NASL
description	The VsSetCookie.exe CGI exists on the remote web server. Some versions of this file have an unauthorized access vulnerability. Making a request similar to : http://www.example.com/cgi-bin/VsSetCookie.exe?vsuser=<user_name> will result in full access if a valid username is provided. Please note Nessus solely relied on the existence of this CGI in reporting this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	11731
published	2003-06-11
reporter	This script is Copyright (C) 2003-2018 John Lampe
source	https://www.tenable.com/plugins/nessus/11731
title	Lucent VitalNet VsSetCookie.exe Unauthorized Access
code	# # This script was written by John [email protected] # # See the Nessus Scripts License for details # # Changes by Tenable: # - Revised plugin title (4/9/2009) include("compat.inc"); if (description) { script_id(11731); script_version("1.26"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2002-0236"); script_bugtraq_id(3784); script_name(english:"Lucent VitalNet VsSetCookie.exe Unauthorized Access"); script_summary(english:"Checks for the VsSetCookie.exe file"); script_set_attribute(attribute:"synopsis", value: "A web application on the remote host has an unauthorized access vulnerability."); script_set_attribute(attribute:"description", value: "The VsSetCookie.exe CGI exists on the remote web server. Some versions of this file have an unauthorized access vulnerability. Making a request similar to : http://www.example.com/cgi-bin/VsSetCookie.exe?vsuser=<user_name> will result in full access if a valid username is provided. Please note Nessus solely relied on the existence of this CGI in reporting this vulnerability."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Feb/60"); script_set_attribute(attribute:"solution", value:"Contact the vendor for a patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2020 John Lampe"); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:80, embedded:TRUE); flag = 0; directory = ""; foreach dir (cgi_dirs()) { u = string(dir, "/VsSetCookie.exe"); if(is_cgi_installed_ka(item: u, port:port)) { report = '\n'+build_url(qs:u, port:port)+' was found.\n'; security_hole(port:port, extra:report); break; } }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References