Vulnerabilities > CVE-2005-0296 - Unspecified vulnerability in Novell Groupwise and Groupwise Webaccess
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN novell
nessus
Summary
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 12 |
Nessus
| NASL family | CGI abuses |
| NASL id | GROUPWISE_AUTH_BYPASS.NASL |
| description | The remote host is running Novell GroupWise WebAccess, a commercial groupware package. The remote version of this software is prone to an authentication bypass attack. An attacker requesting : /servlet/webacc?error=webacc may bypass the authentication mechanism and gain access to the groupware console. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 16183 |
| published | 2005-01-17 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/16183 |
| title | Novell GroupWise WebAccess Error Handler Authentication Bypass |
References
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html
- http://support.novell.com/servlet/tidfinder/10096251
- http://www.securityfocus.com/bid/12285
- http://www.osvdb.org/13135
- http://marc.info/?l=bugtraq&m=110608203729814&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18954