Home page logo

bugtraq logo Bugtraq mailing list archives

Falcon Web Server Authentication Circumvention Vulnerability
From: Strumpf Noir Society <vuln-dev () labs secureance com>
Date: Wed, 13 Feb 2002 21:18:15 +0100

Strumpf Noir Society Advisories
! Public release !

-= Falcon Web Server Authentication Circumvention Vulnerability =-

Release date: Wednesday, February 13, 2002


Falcon Web Server is a ISAPI and WinCGI supporting web server running
on the Microsoft Windows OS's.

Falcon Web Server is available from vendor BlueFace's web site:


Falcon Web Server supports virtual directory mapping and allows the
server administrator to use a user-authentication scheme to protect
the content of these directories. Due to a problem in the parsing
of requests made to said directories however, it is possible to
circumvent this authentication scheme and access any file in a
protected directory without supplying the proper credentials.

This can be done through adding an additional backslash at the beginning
of the virtual path. For example, the server comes with one such path
to a directory 'test' pre-configured, which requires authentication to
be accessed. A direct request to this directory ('http://server/test/&apos;)
without supplying the proper credentials will return a 401 Unauthorized
error. Requesting the same directory as 'http://server//test/&apos; however,
will allow the user access without authenticating.



Vendor has been notified and has adressed this issue by releasing build for the Falcon Web Server Standard and SSL editions. This has
been tested against Falcon Web Server builds and
on Win2k.


SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html) 
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!

  By Date           By Thread  

Current thread:
  • Falcon Web Server Authentication Circumvention Vulnerability Strumpf Noir Society (Feb 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]