Published: 2006/01/12  Last Updated: 2008/05/21

JVN#836B21C0
Nagasaki Electronic Prefectural Office System vulnerable to bypass authentication

Overview

Nagasaki Prefectural Government has developed an open source electronic prefectural office system. Some parts of the system contain a vulnerability that allows user authentication to be bypassed.

Products Affected

  • Nagasaki Electronic Prefectural Office System main menu
  • Nagasaki Electronic Prefectural Office System's annual holiday system
  • Nagasaki Electronic Prefectural Office System's web personnel directory
  • Nagasaki Electronic Prefectural Office System's archive system

Description

Impact

A remote attacker could bypass the user authentication process. As a result, an attacker could view or falsify information in the system.

Solution

Vendor Status

Vendor Link
Nagasaki Electronic Prefectural Office System Open Source Toppage

References

JPCERT/CC Addendum

Credit

Hiromitsu Takagi of the Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JVN iPedia JVNDB-2006-000599

Update History