JVN#98063934
BlackJumboDog authentication bypass vulnerability
Overview
BlackJumboDog from SapporoWorks contains an authentication bypass vulnerability.
Products Affected
- BlackJumboDog Ver4.2.2 and earlier
Description
BlackJumboDog from SapporoWorks is software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability.
Impact
A remote attacker can bypass authentication of BlackJumboDog. As a result, the attacker gains access to the server and information may be disclosed.
Solution
Update the Software
Update to the latest version according to the information provided by the developers.
Vendor Status
Vendor | Link |
---|---|
SapporoWorks | Security Issue in the authentication mechanism for the BJD Web server (Japanese Only) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2008.12.25
Measures | Conditions | Severity |
---|---|---|
Access Required | Routed - can be attacked over the Internet using packets | |
Authentication | None - anonymous or no authentication (IP addresses do not count) | |
User Interaction Required | None - the vulnerability can be exploited without an honest user taking any action | |
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) | |
Credit
Tsuyoshi Ishibashi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2008-5721 |
JVN iPedia | JVNDB-2008-000086 |