| Título | Industrial Application Software - IAS Canias ERP 8.03-- Improper Authentication (CWE-287) |
|---|
| Descrição | A critical vulnerability exists in Industrial Application Software caniasERP 8.03 within the Java RMI Session Management component (default TCP port 27499). The vulnerability arises from two compounding architectural flaws:
- CWE-330 (Use of Insufficiently Random Values): The application generates predictable session identifiers using a non-random format: {USERNAME}_{HEX_COUNTER}. Since the hexadecimal counter is a globally incrementing value, active session IDs are enumerable and susceptible to brute-force or prediction attacks.
- CWE-287 (Improper Authentication): The server-side Java RMI interface (iasServerRemoteInterface.doAction) fails to perform session binding. It validates only the presence of a sessionId string within the active session table without verifying the request's origin via source IP address binding, TLS client certificates, or cryptographic challenge-response tokens.
An unauthenticated remote attacker can exploit these flaws to hijack any active user session. By supplying a predicted or intercepted sessionId in an iasClientRequest, the attacker can perform arbitrary operations with the privileges of the hijacked user.
Session: CRONJOB_76C9505833
User: CRONJOB
Session: CRONJOB_76C9505834
User: CRONJOB
Session: CRONJOB_76C9505836
User: CRONJOB |
|---|
| Utilizador | b1lal (UID 97312) |
|---|
| Submissão | 20/04/2026 17h03 (há 1 mês) |
|---|
| Moderação | 09/05/2026 09h19 (19 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 362433 [Industrial Application Software IAS Canias ERP 8.03 Java RMI Session Management iasServerRemoteInterface.doAction Autenticação fraca] |
|---|
| Pontos | 17 |
|---|