TWiki TWiki.TWikiRegistration action security bypass

twiki-action-security-bypass (27336) The risk level is classified as MediumMedium Risk

Description:

TWiki could allow a remote attacker to gain administrative privileges, caused by improper validation 'action' parameter when submitting the 'TWiki.TWikiRegistration' form. If the 'MapUserToWikiName' setting is enabled, a remote attacker could use a valid WikiName of a TWikiAdmin Group user and submit a modified registration form to obtain administrative access to the TWiki application.

Platforms Affected:

  • TWiki, TWiki 4.0.0
  • TWiki, TWiki 4.0.1
  • TWiki, TWiki 4.0.2

Remedy:

Upgrade to the latest version of TWiki (4.03 or later), available from the TWiki Web site. See References.

Consequences:

Bypass Security

References:

  • TWiki Web site, TWikiTM - A Web Based Collaboration Platform at http://twiki.org/.
  • VulnWatch Mailing List, Fri Jun 16 2006 - 21:59:27 CDT , TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942) at http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html.
  • BID-18506: TWiki Homepage Creation Privilege Escalation Vulnerability
  • CVE-2006-2942: TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
  • OSVDB ID: 26623: TWiki Registration Crafted form Element Account Hijack
  • SA20596: TWiki Registration Account Override Vulnerability
  • SECTRACK ID: 1016323: TWiki `TWiki.TWikiRegistration` Access Control Error Lets Remote Authenticated Users Gain Elevated Privileges
  • VUPEN/ADV-2006-2415: TWiki action Variable Handling Remote Administrative Registration Vulnerability

Reported:

Jun 16, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page