AWCM Cookie Authentication Bypass and Multiple Security Bypass Vulnerabilities

Summary

AWCM is prone to an authentication-bypass and multiple security-bypass vulnerabilities.

Credit:

The information has been provided by Sooel Son.


Details

Vulnerable Systems:
 * AWCM 2.2

AWCM could allow a remote attacker to bypass security restrictions, caused by an error in the cookie_gen.php script. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass the authentication process to forge a cookie.

CVE Information:
CVE-2012-2437

Disclosure Timeline:
Published:November 08 2012
Updated:November 08 2012

Categories: News