[Japanese]

JVNDB-2013-000035

Online Service Gate vulnerable in Office 365 password management

Overview

Online Service Gate contains a vulnerability in Office 365 password management.

Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper and OSG Lite provided by Online Service Gate contain a vulnerability which allows users to obtain their own Office 365 passwords.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products

Following program provided by all versions of Online Service Gate

SoftBank Technology Corp.
  • Online Service Gate OWA Helper
  • Online Service Gate OSG Lite

Impact

By obtaining a Office 365 password, a user can bypass the restriction of Online Service Gate to use Office 365.
Solution

[Update the Software]
The developer states that updates are applied automatically. Therefore users are not required to manually apply an update for the product.
Vendor Information

SoftBank Technology Corp.
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-2308
References

  1. JVN : JVN#61972596
  2. National Vulnerability Database (NVD) : CVE-2013-2308
Revision History

[2013/05/08]
  Web page was published