Flyspray Security Announcement 1
Flyspray Administrator authentication bypass (2007-03-16)
| Last Modified | 2007-04-04 (added CVE references) |
| Author | Cristian Rodriguez <judas.iscariote at flyspray dot org> |
| Vendor Status | The Flyspray project has released an updated version |
| Discovered by | Stefan Esser <sesser at hardened-php dot net> |
The Flyspray authentication system can be bypassed by sending a carefully crafted POST request. An installation is vulnerable only if the PHP configuration directive output_buffering is disabled or set to a low value.
Proof of concept:
The Flyspray team will not release an example exploit to the public.
13. March 2007 - Vulnerability discovered by Stefan Esser
13. March 2007 - Possible solution discussed privately
13. March 2007 - Fix committed to the SVN repository
16. March 2007 - Public disclosure
We strongly recommend upgrading to the new version.