COMMAND

	Ecartis Password Reseting Vulnerability

SYSTEMS AFFECTED

	Ecartis 1.0.0 (at least)

PROBLEM

	Haluk AYDIN [haydin@biznet.com.tr] found :
	
	A vulnerability enables an attacker  to  reset  passwords  of  any  user
	defined on the list server, including the list admins.
	
	After logging on as a non-priviledged user, Ecartis enables the user  to
	change his/her password, but does not ask for the  old  one.  The  first
	time I have seen this,  I  thought  that  the  software  relies  on  the
	session cookie, but it seems this is not the case.
	
	The html page contains  the  username  in  the  "hidden"  fields.  After
	saving the page  on  disk,  then  replacing  all  "hidden"  fields  with
	another username which is defined in the server, and reloading the  page
	again we can try our chance to change the password.  Just  fill  in  the
	empty password fields with a password of your choice, and click  "Change
	Password": there you are... You have just reset the victim's password.

SOLUTION

	?