fex: authentication bypass
| Package(s): | fex | CVE #(s): | CVE-2011-1409 | ||||
| Created: | June 13, 2011 | Updated: | June 18, 2011 | ||||
| Description: | From the Debian advisory:
It was discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all, can bypass the authentication procedure. | ||||||
| Alerts: |
| ||||||
Posted Jun 18, 2011 22:48 UTC (Sat)
by nlucas (guest, #33793)
[Link]
fex: authentication bypass
It's one of those tools sometimes one needs but it's too small to actually spend real time doing it, when you don't do any web development.