ID CVE-2014-8686
Summary CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
References
Vulnerable Configurations
  • cpe:2.3:a:codeigniter:codeigniter:2.1.4
    cpe:2.3:a:codeigniter:codeigniter:2.1.4
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
metasploit via4
description Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This module has been tested on the STBN300 device.
id MSF:EXPLOIT/LINUX/HTTP/SEAGATE_NAS_PHP_EXEC_NOAUTH
last seen 2019-03-22
modified 2017-07-24
published 2015-03-01
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb
title Seagate Business NAS Unauthenticated Remote Command Execution
packetstorm via4
data source https://packetstormsecurity.com/files/download/130609/seagate_nas_php_exec_noauth.rb.txt
id PACKETSTORM:130609
last seen 2016-12-05
published 2015-03-02
reporter OJ Reeves
source https://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html
title Seagate Business NAS Unauthenticated Remote Command Execution
refmap via4
confirm https://codeigniter.com/userguide2/changelog.html
misc
the hacker news via4
id THN:88621B70C7F5EC61ED5F438C1F1EF3E0
last seen 2018-01-27
modified 2015-03-02
published 2015-03-01
reporter Swati Khandelwal
source https://thehackernews.com/2015/03/seagate-nas-device-vulnerability.html
title Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
Last major update 19-09-2017 - 15:29
Published 19-09-2017 - 15:29
Last modified 28-09-2017 - 14:19
Back to Top