TITLE:
Billion BIPAC-640 AE Administrative Web Interface User Authentication Bypass

SECUNIA ADVISORY ID:
SA11813

VERIFY ADVISORY:
http://secunia.com/advisories/11813/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From local network

OPERATING SYSTEM:
Billion BIPAC-640 AE Broadband Firewall Gateway 3.x

DESCRIPTION:
Tommy A. Olsen has reported a vulnerability in Billion BIPAC-640 AE Broadband Firewall Gateway, which can be exploited by malicious people to bypass user authentication on the administrative web interface.

The vulnerability is caused due to an unspecified error when processing HTTP requests. This can be exploited via specially crafted HTTP requests to bypass the user authentication on the administrative web interface completely.

The vulnerability can reportedly be triggered by connecting with the Opera browser. Mozilla Firefox can also be used by pressing "cancel" a couple of times when a password prompt is displayed.

The vulnerability has been reported in firmware version 3.33. Other versions may also be affected.

SOLUTION:
The vendor reports that the vulnerability has been fixed in version 3.35.
http://www.billion.com/support/download/fd/fd4.htm

Restrict access to the administrative web interface.

PROVIDED AND/OR DISCOVERED BY:
Tommy A. Olsen

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
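The DESCRIPTION section gives the observable symptom of this bug class: the administrative interface answers a request that carries no credentials (the browser's cancelled password prompt) as if authentication had succeeded. The script below is an added illustration, not part of the Secunia advisory or of Billion's firmware; it shows the defensive check an operator can run over the gateway's access logs to spot that symptom. The log format, the "/admin/" path prefix, the per-line "auth" column and every log line are constructed assumptions, since the advisory does not describe the device's real log output.

```python
"""
Detect "unauthenticated success" on a protected admin web interface.

A 2xx answer for a protected path on a request that sent no Authorization
header, especially right after one or more 401 challenges to the same client,
is the fingerprint of an HTTP-auth bypass of the kind the advisory describes.
Everything here (log shape, path prefix, sample lines) is constructed for
illustration and is NOT the BIPAC-640 AE's actual log format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed sample: "<client> <method> <path> <status> <auth>" where <auth>
# is "-" when no Authorization header was sent and "basic" when one was.
SAMPLE_LOG = """\
192.168.1.10 GET /index.html 200 -
192.168.1.10 GET /admin/status.cgi 401 -
192.168.1.10 GET /admin/status.cgi 401 -
192.168.1.10 GET /admin/status.cgi 200 -
192.168.1.20 GET /admin/status.cgi 401 -
192.168.1.20 GET /admin/status.cgi 200 basic
192.168.1.30 GET /admin/config.cgi 200 -
"""

LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<auth>\S+)$"
)

PROTECTED_PREFIX = "/admin/"   # assumed location of the admin interface


@dataclass(frozen=True)
class Record:
    src: str
    method: str
    path: str
    status: int
    has_credentials: bool


@dataclass(frozen=True)
class Finding:
    src: str
    path: str
    prior_challenges: int   # 401s seen for this (client, path) before the 2xx


def parse_log(text: str) -> Iterator[Record]:
    """Parse the constructed log shape; reject lines that do not fit it."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable log line: {line!r}")
        yield Record(
            src=m["src"],
            method=m["method"],
            path=m["path"],
            status=int(m["status"]),
            has_credentials=(m["auth"] != "-"),
        )


def find_unauthenticated_success(records: Iterable[Record]) -> List[Finding]:
    """Flag 2xx answers on protected paths to requests that sent no credentials."""
    challenges: Dict[Tuple[str, str], int] = defaultdict(int)
    findings: List[Finding] = []
    for r in records:
        if not r.path.startswith(PROTECTED_PREFIX):
            continue
        key = (r.src, r.path)
        if r.status == 401:
            # Server challenged the client; remember how many times.
            challenges[key] += 1
        elif 200 <= r.status < 300:
            if not r.has_credentials:
                # Served without any Authorization header: auth was bypassed.
                findings.append(Finding(r.src, r.path, challenges[key]))
            # Credentials were sent; treat as a normal login (logs alone cannot
            # tell whether the server actually validated them).
            challenges[key] = 0
    return findings


def scan(text: str = SAMPLE_LOG) -> List[Finding]:
    """Convenience wrapper: parse then analyse."""
    return find_unauthenticated_success(parse_log(text))


if __name__ == "__main__":
    for f in scan():
        print(f"BYPASS? client={f.src} path={f.path} "
              f"after {f.prior_challenges} challenge(s)")
```

On the constructed sample this reports two events: 192.168.1.10 served /admin/status.cgi with no credentials after two 401 challenges (the "press cancel a couple of times" pattern), and 192.168.1.30 served /admin/config.cgi with no credentials and no prior challenge. The client that supplied credentials (192.168.1.20) is not flagged, because an access log cannot show whether those credentials were correct; that case needs the firmware fix, not log review. Pairing this check with the advisory's SOLUTION (upgrade to 3.35 and restrict which LAN hosts can reach the admin interface) gives both detection and mitigation.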