Required CVE Record Information
Description
The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.
References 4 Total
- securityfocus.com: 20070411 Cosign SSO Authentication Bypass mailing-list
- secunia.com: 24845 third-party-advisory
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt
- vupen.com: ADV-2007-1359 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- securityfocus.com: 20070411 Cosign SSO Authentication Bypass mailing-listx_transferred
- secunia.com: 24845 third-party-advisoryx_transferred
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt x_transferred
- vupen.com: ADV-2007-1359 vdb-entryx_transferred