| Titre | Industrial Application Software - IAS Canias ERP 8.03-- Improper Authentication (CWE-287) |
|---|
| Description | A critical vulnerability exists in Industrial Application Software caniasERP 8.03 within the Java RMI Session Management component (default TCP port 27499). The vulnerability arises from two compounding architectural flaws:
- CWE-330 (Use of Insufficiently Random Values): The application generates predictable session identifiers using a non-random format: {USERNAME}_{HEX_COUNTER}. Since the hexadecimal counter is a globally incrementing value, active session IDs are enumerable and susceptible to brute-force or prediction attacks.
- CWE-287 (Improper Authentication): The server-side Java RMI interface (iasServerRemoteInterface.doAction) fails to perform session binding. It validates only the presence of a sessionId string within the active session table without verifying the request's origin via source IP address binding, TLS client certificates, or cryptographic challenge-response tokens.
An unauthenticated remote attacker can exploit these flaws to hijack any active user session. By supplying a predicted or intercepted sessionId in an iasClientRequest, the attacker can perform arbitrary operations with the privileges of the hijacked user.
Session: CRONJOB_76C9505833
User: CRONJOB
Session: CRONJOB_76C9505834
User: CRONJOB
Session: CRONJOB_76C9505836
User: CRONJOB |
|---|
| Utilisateur | b1lal (UID 97312) |
|---|
| Soumission | 20/04/2026 17:03 (il y a 2 mois) |
|---|
| Modérer | 09/05/2026 09:19 (19 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 362433 [Industrial Application Software IAS Canias ERP 8.03 Java RMI Session Management iasServerRemoteInterface.doAction authentification faible] |
|---|
| Points | 17 |
|---|