JVNDB-2012-000097

MosP kintai kanri vulnerable to authentication bypass

Overview

MosP kintai kanri contains an authentication bypass vulnerability.

MosP kintai kanri is open source attendance management software.

Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

Base Metrics: 6.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


MIND CO.,LTD.
  • MosP kintai kanri prior to V4.1.0

Impact

An attacker with a MosP kintai kanri account may impersonate another user. As a result, information may be obtained and settings may be altered with the privileges of that user.

Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

Vendor Information

MIND CO.,LTD.

CWE

  1. Permissions (CWE-264) [IPA Evaluation]

CVE

  1. CVE-2012-4021

References

  1. JVN : JVN#52264310
  2. National Vulnerability Database (NVD) : CVE-2012-4021

Revision History

[2012/11/02]
  Web page was published