+-----------------------------------------------------------------++ Netsweeper 4.0.8- Authentication Bypass (New Profile Creation)++-----------------------------------------------------------------+
Affected Product: Netsweeper
Vendor Homepage : www.netsweeper.com
Version :4.0.8(and probably other versions)
Discovered by : Anastasios Monachos (secuid0)-[anastasiosm (at) gmail (dot) com]
Patched : Yes
CVE : CVE-2014-9618+---------------------++ Product Description ++---------------------+
Netsweeper is a software solution specialized in content filtering.+----------------------++ Exploitation Details ++----------------------+
Netsweeper's 4.0.8(and probably other versions) Client Filter Admin portal can be reached at http://netsweeper/webadmin/clientlogin/and a username/password combination is required to Add a Profile, by setting the "action" parameter to "showdeny" it will force the admin interface to load and subsequently allow any non-authenticated user to create a new profile.
URL Path: http://netsweeper/webadmin/clientlogin/?srid=&action=showdeny&url=+----------++ Solution ++----------+
Upgrade to latest version.+---------------------++ Disclosure Timeline ++---------------------+24-Nov-2014: Initial Communication
03-Dec-2014: Netsweeper responded
03-Dec-2014: Shared full details to replicate the issue
10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10,4.0.9,4.1.217-Dec-2014: New releases 3.1.10,4.0.9,4.1.2 made available to the public
18-Dec-2014: Confirm fix
17-Jan-2015: CVE assigned CVE-2014-961811-Aug-2015: Public disclosure
