
Forum Thread: Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Securit...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Security Issue

Secunia Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Security Issue
Secunia Official 9th Dec, 2011 23:06
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A security issue has been reported in Ipswitch WhatsUp Gold, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an unspecified error when handling authentication via LDAP and can be exploited to log in without a valid password.

Successful exploitation requires that Active Directory is configured to allow anonymous binding (disabled by default).

The security issue is reported in versions prior to 15.0.1.

kgillis RE: Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Security Issue
Member 9th Dec, 2011 23:06
Score: 0
Posts: 2
User Since: 9th Dec 2011
System Score: N/A
Location: US
Last edited on 10th Dec, 2011 00:00
To whom it may concern,


I'm the VP of Corporate Development and Customer Advocacy at Ipswitch (makers of WhatsUp Gold) and an issue has been escalated to me to resolve related to Secunia Vulnerability 45830 (Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Security Issue).

The overall vulnerability is accurate except for one key sentence... This specific sentence is highly inaccurate and is impacting our business.
==> "The security issue is reported in versions prior to 15.0.1." <==

PLEASE update asap to reflect that this issue ONLY exists in version 15.0. It does NOT exist in ANY other versions including 14.x or any prior versions. Also, a fix was released with version 15.01 in August, 2011 (http://www.whatsupgold.com/support/patch-upgrades....).

We are fans of and have interfaced with Secunia in the past but this post is inaccurate and causing us damage.

What is the process to correct this advisory asap?

Regards,

kevin r gillis
k@ipswitch.com
ddmarshall RE: Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Security Issue
Dedicated Contributor 10th Dec, 2011 00:51
Score: 1205
Posts: 956
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 10th Dec, 2011 00:51
If you want to be sure Secunia support see this, you should email support@secunia.com.

The advisory is only intended to apply to 15.x (as shown in the 'Software' item). Previous versions are listed as different products in the Secunia database. However, I can see that someone just coming across the advisory could be confused.

--
This answer is provided “as-is.” You bear the risk of using it.
kgillis RE: Ipswitch WhatsUp Gold LDAP Authentication Security Bypass Security Issue
Member 15th Dec, 2011 16:57
Score: 0
Posts: 2
User Since: 9th Dec 2011
System Score: N/A
Location: US
Last edited on 15th Dec, 2011 16:57
ddmarshall,

Thanks for your feedback, and to Secunia for listening to and acting on our feedback! The Advisory was updated today and now shows the more accurate representation.

*** The security issue is reported in version 15.0. ***

regards,

kg
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144