|
WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities
Name Multiple Vulnerabilities in wClient-PHP
Systems Affected wClient-PHP 3.0-2 and earlier versions
Severity Medium
Impact (CVSSv2) Medium (5/10, vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Vendor http://www.wikidsystems.com/
Advisory http://www.ush.it/team/ush/hack-wclient/wikid.txt
Author Francesco "ascii" Ongaro (ascii AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Date 20080411
I. BACKGROUND
From the WiKID website: "The WiKID Strong Authentication System is a
dual-source, software-based two-factor authentication system designed
to be less expensive and more extensible than hardware tokens."
II. DESCRIPTION
In the wClient-PHP package PHP_SELF is echoed back to the client
without proper sanitization leading to XSS issues.
WiKID mantainers have released a new version of the software (3.0-3)
that fixes exposed vulnerabilities and can be downloaded from the url:
http://www.wikidsystems.com/downloads/network-clients
Users that based their implementations on the code contained in
sample.php are advised to upgrade.
III. ANALYSIS
During a review of the wClient-PHP-3.0-1.tar.gz package (an additional
component of WiKID with network client functions) the following
vulnerabilities were identified in the sample code:
file sample.php, line 251: PHP_SELF insecure usage leads to XSS