| Field | Value |
|---|---|
| Title | Industrial Application Software - IAS Canias ERP 8.03 - Improper Authentication (CWE-287) |
| User | b1lal (UID 97312) |
| Submitted | 2026-04-20 05:03 PM (1 month ago) |
| Moderation | 2026-05-09 09:19 AM (19 days later) |
| Status | Accepted |
| VulDB entry | 362433 [Industrial Application Software IAS Canias ERP 8.03 Java RMI Session Management iasServerRemoteInterface.doAction weak authentication] |
| Points | 17 |

**Description**

A critical vulnerability exists in Industrial Application Software caniasERP 8.03 in the Java RMI Session Management component (default TCP port 27499). It results from two compounding design flaws:

- CWE-330 (Use of Insufficiently Random Values): session identifiers are built from a non-random format, {USERNAME}_{HEX_COUNTER}. Because the hexadecimal counter is a single, globally incrementing value, active session IDs can be enumerated and predicted from any one observed ID, or found by brute force.
- CWE-287 (Improper Authentication): the server-side Java RMI interface (iasServerRemoteInterface.doAction) does not bind a session to its owner. It only checks that the supplied sessionId string is present in the active session table; it does not verify the request's origin by source IP address, TLS client certificate, or a cryptographic challenge-response token.

An unauthenticated remote attacker can combine these flaws to hijack any active user session: supplying a predicted or intercepted sessionId in an iasClientRequest lets the attacker perform arbitrary operations with the privileges of the hijacked user.

Session identifiers listed in the submission:

| Session | User |
|---|---|
| CRONJOB_76C9505833 | CRONJOB |
| CRONJOB_76C9505834 | CRONJOB |
| CRONJOB_76C9505836 | CRONJOB |

The gap at ...5835 is consistent with a counter shared by all users: the ID issued in between belongs to some other session (another account's, or one already closed), so an attacker who has seen any one ID can enumerate its neighbours with candidate usernames and submit each to doAction until one is accepted.
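The following Python model, added here as an illustration and not code from caniasERP or from the submitter, shows both halves of the problem: how one observed `{USERNAME}_{HEX_COUNTER}` ID lets an attacker enumerate the neighbouring sessions, and how a presence-only session table accepts any of those guesses from any origin. It contrasts that with a table that issues CSPRNG-generated IDs, binds each session to a client identifier and requires a per-session HMAC over every request. The client addresses, the `doAction:listUsers` request string and the hardened design are assumptions for the example; the three CRONJOB IDs are the ones quoted above.

```python
import hashlib
import hmac
import re
import secrets


def parse_session_id(session_id):
    """Split a '{USERNAME}_{HEX_COUNTER}' id into (username, counter as int, hex width)."""
    user, sep, counter_hex = session_id.rpartition("_")
    if not sep or not user or not re.fullmatch(r"[0-9A-Fa-f]+", counter_hex):
        raise ValueError(f"not a {{USERNAME}}_{{HEX_COUNTER}} session id: {session_id!r}")
    return user, int(counter_hex, 16), len(counter_hex)


def predict_session_ids(observed, usernames, window=2):
    """Enumerate candidate ids around one observed id (CWE-330).

    The counter is global, so the sessions issued just before and after the
    observed one differ only in the last few counter values and the username
    prefix.  Candidates are returned in counter order.
    """
    _, counter, width = parse_session_id(observed)
    candidates = []
    for c in range(max(counter - window, 0), counter + window + 1):
        for user in usernames:
            candidates.append(f"{user}_{c:0{width}X}")
    return candidates


class PresenceOnlySessionTable:
    """Models the flawed check: a session is valid if its id is in the table."""

    def __init__(self):
        self._sessions = {}

    def register(self, session_id, user, client_id):
        self._sessions[session_id] = {"user": user, "client_id": client_id}

    def authenticate(self, session_id, client_id):
        # client_id is ignored: whoever knows the id is treated as its owner (CWE-287)
        entry = self._sessions.get(session_id)
        return entry["user"] if entry else None


class BoundSessionTable:
    """Unpredictable ids, origin binding and a per-request authenticator."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, client_id):
        # 128 bits from the OS CSPRNG; the username prefix is kept only for log readability
        session_id = f"{user}_{secrets.token_hex(16)}"
        key = secrets.token_bytes(32)  # per-session MAC key, handed to the client once
        self._sessions[session_id] = {"user": user, "client_id": client_id, "key": key}
        return session_id, key

    @staticmethod
    def tag(key, session_id, request):
        # Client proves possession of the session key for this exact request
        return hmac.new(key, session_id.encode() + b"\0" + request, hashlib.sha256).hexdigest()

    def authenticate(self, session_id, client_id, request, tag):
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        if not hmac.compare_digest(entry["client_id"], client_id):
            return None  # origin binding (source address or TLS client cert fingerprint)
        if not hmac.compare_digest(self.tag(entry["key"], session_id, request), tag):
            return None  # knowing the id alone is not enough
        return entry["user"]


def demo():
    # Constructed scenario: the CRONJOB sessions were created from 10.0.0.10,
    # the attacker connects from 192.0.2.7 and has seen only CRONJOB_76C9505834.
    vulnerable = PresenceOnlySessionTable()
    for sid in ("CRONJOB_76C9505833", "CRONJOB_76C9505834", "CRONJOB_76C9505836"):
        vulnerable.register(sid, "CRONJOB", "10.0.0.10")
    guesses = predict_session_ids("CRONJOB_76C9505834", ["CRONJOB"], window=2)
    hijacked = [s for s in guesses if vulnerable.authenticate(s, "192.0.2.7")]

    hardened = BoundSessionTable()
    sid, key = hardened.create("CRONJOB", "10.0.0.10")
    request = b"doAction:listUsers"  # assumed request encoding
    valid_tag = BoundSessionTable.tag(key, sid, request)
    good = hardened.authenticate(sid, "10.0.0.10", request, valid_tag)
    wrong_origin = hardened.authenticate(sid, "192.0.2.7", request, valid_tag)
    no_key = hardened.authenticate(sid, "10.0.0.10", request, "0" * 64)
    return hijacked, good, wrong_origin, no_key


if __name__ == "__main__":
    print(demo())
```

Against the presence-only table every neighbouring ID that exists is accepted from the attacker's address, which is the hijack the advisory describes; against the bound table the same request fails both from a different origin and without the per-session key, even when the ID is known.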