Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.4.104
-
None
Description
Description:
The change password process does not require the user to enter his original password. If an attacker has hijacked the victims session or the victim has left his machine unlocked and an attacker has access to his machine with a valid JSPWiki session up, an attacker can change the victims password.
Recommendation:
Consider forcing the user to re-enter their original passwords to prevent attackers who have compromised the users session to also change his password and 1. gain unbound account access and 2. DOS the victim.
Related Code Locations:
18 findings:
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 342 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "fullname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 341 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "wikiname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 339 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "loginname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 339 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "loginname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 342 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "fullname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.getUserProfile(com.ecyrd.jspwiki.WikiSession):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 201 / 0
Context: user . java.security.Principal.getName ()
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 341 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "wikiname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 355 / 0
Context: context . com.ecyrd.jspwiki.WikiContext.getWikiSession() . com.ecyrd.jspwiki.WikiSession.getLoginPrincipal() . java.security.Principal.getName ()
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 342 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "fullname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 342 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "fullname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.getUserProfile(com.ecyrd.jspwiki.WikiSession):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 188 / 0
Context: user . java.security.Principal.getName ()
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 342 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "fullname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 339 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "loginname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 341 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "wikiname" )
-----------------------------------
Name: JSPWiki_2_4_104.UserPreferences_jsp._jspService(javax.servlet.http.HttpServletRequest;javax.servlet.http.HttpServletResponse):void
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\web-root\JSPWiki.war\UserPreferences.jsp
Line / Col: 28 / 0
Context: "saveProfile" . java.lang.String.equals ( request . javax.servlet.ServletRequest.getParameter("action") )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 342 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "fullname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 339 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "loginname" )
-----------------------------------
Name: com.ecyrd.jspwiki.auth.UserManager.parseProfile(com.ecyrd.jspwiki.WikiContext):com.ecyrd.jspwiki.auth.user.UserProfile
Type: Vulnerability.Authentication
Severity: Medium
Classification: Vulnerability
File Name: Z:\jspwiki\JSPWiki_2_4_104\JSPWiki-src\src\com\ecyrd\jspwiki\auth\UserManager.java
Line / Col: 341 / 0
Context: request . javax.servlet.ServletRequest.getParameter ( "wikiname" )
-----------------------------------
Attachments
Attachments
Issue Links
- duplicates
-
JSPWIKI-45 Password change process should require old password
- Closed