BugTraq
CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product Sep 20 2014 09:12PM
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-5516
===================
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product

Vendor
===================
DS Data Systems (UK) Ltd.

Product
===================
"KonaKart is an affordable java based shopping cart software solution for online retailers.
Let KonaKart help increase your eCommerce sales."
- source: http://www.konakart.com

"KonaKart is a Java eCommerce system aimed at medium to large online retailers."
- source: https://en.wikipedia.org/wiki/KonaKart

Affected versions
===================
This vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0

Patch
===================
The vendor has released an XSRF fix as part of version 7.3.0.0 at
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

Reported by
===================
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.

Severity
===================
Medium

Description
===================
The existing CSRF protection token was checked properly for every POST request.
When the same request was changed from the POST method to the GET method,
all state-changing actions still worked, but the CSRF token was no longer
enforced, allowing CSRF attacks.
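
The following servlet filter is an added example illustrating the flaw class
described above and its fix; it is not KonaKart's code, and the session
attribute name, request parameter name and action paths used in it are assumed
for illustration. The flawed variant only consults the token on POST, so any
other method skips the comparison; the hardened variant refuses state-changing
actions over safe methods (GET, HEAD, OPTIONS) and requires a valid token for
every other method.

```java
// Added example (not the vendor's code): a servlet filter that enforces a CSRF
// token for every state-changing request, independent of the HTTP method.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CsrfTokenFilter implements Filter {

    // Assumed names for the session attribute and request parameter carrying the token.
    private static final String SESSION_TOKEN_ATTR = "csrfToken";
    private static final String REQUEST_TOKEN_PARAM = "csrfToken";

    // Methods RFC 7231 defines as safe; the application must never change state on them.
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");

    // Hypothetical servlet paths of state-changing actions that the application
    // also maps to GET (the pattern the advisory describes).
    private static final Set<String> STATE_CHANGING_PATHS =
            Set.of("/ChangeEmail.action", "/ChangePassword.action");

    // Flawed variant: only POST reaches the token comparison, so the same action
    // reached via GET (or PUT/DELETE) passes without any token at all.
    static boolean vulnerableCheck(HttpServletRequest req) {
        if (!"POST".equalsIgnoreCase(req.getMethod())) {
            return true; // bypass: non-POST requests are waved through unchecked
        }
        return tokenMatches(req);
    }

    // Hardened variant: a safe method may never hit a state-changing action, and
    // every non-safe method must present the token bound to the session.
    static boolean hardenedCheck(HttpServletRequest req) {
        String method = req.getMethod().toUpperCase();
        if (SAFE_METHODS.contains(method)) {
            return !STATE_CHANGING_PATHS.contains(req.getServletPath());
        }
        return tokenMatches(req);
    }

    // Constant-time comparison of the submitted token with the session-bound one.
    private static boolean tokenMatches(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session == null) {
            return false;
        }
        Object expected = session.getAttribute(SESSION_TOKEN_ATTR);
        String submitted = req.getParameter(REQUEST_TOKEN_PARAM);
        if (!(expected instanceof String) || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // The filter applies the hardened rule; vulnerableCheck is kept only to
        // show the method-dependent logic that allowed the bypass.
        if (!hardenedCheck(req)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF token missing or invalid");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}
```

The filter is mapped in web.xml (or via @WebFilter) ahead of the action
servlets. A quick regression check for the bug class is to replay a known
state-changing POST as a GET with the token stripped: with the hardened rule
the request is refused with 403 before the action executes.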

Escalation potential
====================
An exploitation demonstration was responsibly provided to the vendor along with
the vulnerability report. It used the CSRF protection bypass to change a victim's
mail address to an attacker-supplied mail address, allowing the attacker to
successfully reset the victim's account password.

Timeline
===================
2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 7.3.0.0
2014-09-20 Advisory published via BugTraq

References
===================
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
http://www.christian-schneider.net/advisories/CVE-2014-5516.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAlQd69cACgkQXYAsOfddvFOTVACgr/f5+x5kf60t5LaCqhH0pvSY
QYoAnjiI0WSa3iGuw/OfXk3/vLV+liFm
=61mn
-----END PGP SIGNATURE-----
