Flyspray Security Announcement 1
Flyspray Administrator authentication bypass (2007-03-16)
- Release Date
- Last Modified
- 2007-04-04 (added CVE references)
- Cristian Rodriguez
- Flyspray 0.9.9
- Vendor Status
- The Flyspray project has released an updated version
- http://www.flyspray.org/devel/security/fsa1, CVE-2007-1788
- Discovered by
- Stefan Esser
- 13, March 2007 - vulnerability discovered by Stefan Esser
- 13, March 2007 - possible solution discussed privately
- 13, March 2007 - Fix commited the SVN repository
- 16, March 2007 - Public disclosure.
Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive output_buffering has to be disabled or set to a low value.
Proof of concept
The Flyspray team will not release an example exploit to the public.
We strongly recommend to upgrade to the new version.