| タイトル | Industrial Application Software - IAS Canias ERP 8.03-- Improper Authentication (CWE-287) |
|---|
| 説明 | A critical vulnerability exists in Industrial Application Software caniasERP 8.03 within the Java RMI Session Management component (default TCP port 27499). The vulnerability arises from two compounding architectural flaws:
- CWE-330 (Use of Insufficiently Random Values): The application generates predictable session identifiers using a non-random format: {USERNAME}_{HEX_COUNTER}. Since the hexadecimal counter is a globally incrementing value, active session IDs are enumerable and susceptible to brute-force or prediction attacks.
- CWE-287 (Improper Authentication): The server-side Java RMI interface (iasServerRemoteInterface.doAction) fails to perform session binding. It validates only the presence of a sessionId string within the active session table without verifying the request's origin via source IP address binding, TLS client certificates, or cryptographic challenge-response tokens.
An unauthenticated remote attacker can exploit these flaws to hijack any active user session. By supplying a predicted or intercepted sessionId in an iasClientRequest, the attacker can perform arbitrary operations with the privileges of the hijacked user.
Session: CRONJOB_76C9505833
User: CRONJOB
Session: CRONJOB_76C9505834
User: CRONJOB
Session: CRONJOB_76C9505836
User: CRONJOB |
|---|
| ユーザー | b1lal (UID 97312) |
|---|
| 送信 | 2026年04月20日 17:03 (2 月 ago) |
|---|
| モデレーション | 2026年05月09日 09:19 (19 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 362433 [Industrial Application Software IAS Canias ERP 8.03 Java RMI Session Management iasServerRemoteInterface.doAction 弱い認証] |
|---|
| ポイント | 17 |
|---|