WorkforceROI XPede Weak File Protection Vulnerability

XPede is web-based project accounting software. It is available for Microsoft Windows operating systems.

When a user submits an expense claim, the generated report file is saved in the world-readable '/reports/temp' directory. By default, directory listing (indexing) is enabled for this directory, so remote clients may be able to browse it and retrieve the temporary reports of other users.

Furthermore, the files may still be obtained even if indexing has been disabled for the '/reports/temp' directory. For security reasons the assigned filenames contain a random component. Unfortunately the scheme is weak: the random component is only 5 characters long and limited to alphanumeric characters. This makes the space of possible filenames relatively small and easily exhausted by an automated guessing utility.
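To make the weakness concrete, the following added example (not code from XPede or WorkforceROI) models the naming scheme as the advisory describes it, computes the size of its filename space, and shows a hardened replacement. The 'claim_' prefix and '.rpt' extension are assumed placeholders; the advisory does not state whether the scheme is case-sensitive, so both alphabet sizes are computed.

```python
import math
import secrets
import string

# Alphabets for the weak scheme described in the advisory: 5 alphanumeric characters.
# Case-insensitive (Windows filesystems) gives 36 symbols, case-sensitive gives 62.
ALNUM_CI = string.digits + string.ascii_lowercase
ALNUM_CS = string.digits + string.ascii_letters
WEAK_RANDOM_LEN = 5
PREFIX = "claim_"   # assumed placeholder, not the real XPede prefix
SUFFIX = ".rpt"     # assumed placeholder extension


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct names the scheme can produce (alphabet_size ** length)."""
    return alphabet_size ** length


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of the random component in bits: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def weak_report_name(alphabet: str = ALNUM_CI) -> str:
    """Model of the weak scheme: a fixed prefix plus 5 random alphanumerics.
    Even when drawn from a CSPRNG, only alphabet_size**5 names are possible,
    roughly 26 to 30 bits, which is far too small for an unguessable URL."""
    rand = "".join(secrets.choice(alphabet) for _ in range(WEAK_RANDOM_LEN))
    return f"{PREFIX}{rand}{SUFFIX}"


def hardened_report_name() -> str:
    """Hardened form: 128 bits from the OS CSPRNG (16 bytes, base64url encoded).
    This must still be paired with a non-listable directory and a per-user
    authorization check on download; unguessability alone is not access control."""
    return f"{PREFIX}{secrets.token_urlsafe(16)}{SUFFIX}"


if __name__ == "__main__":
    for n, label in ((36, "case-insensitive"), (62, "case-sensitive")):
        print(f"{label}: {keyspace_size(n, WEAK_RANDOM_LEN):,} names, "
              f"{keyspace_bits(n, WEAK_RANDOM_LEN):.1f} bits")
    print("weak    :", weak_report_name())
    print("hardened:", hardened_report_name())
```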
