Flyspray Administrator authentication bypass (2007-03-16)
- Release Date
- 2007-03-16
- Last Modified
- 2007-04-04 (added CVE references)
- Author
- Cristian Rodriguez </dd>
- Application
- Flyspray 0.9.9
- Risk
- High
- Vendor Status
- The Flyspray project has released an updated version
- References
- <http://www.flyspray.org/devel/security/fsa1>, [CVE-2007-1788](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1788)
- Discovered by
- Stefan Esser </dd>
#### Details
Flyspray authentication system can be bypassed by sending a carefully crafted post request.
To be vulnerable, PHP configuration directive output_buffering has to be disabled or set to a low value.
#### Proof of concept
The Flyspray team will not release an example exploit to the public.
#### Disclosure Timeline
1. 13, March 2007 - vulnerability discovered by Stefan Esser
2. 13, March 2007 - possible solution discussed privately
3. 13, March 2007 - Fix committed the SVN repository
4. 16, March 2007 - Public disclosure.
#### Recommendation
We strongly recommend to upgrade to the new version.