FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_pubcookie -- Empty Authentication Security Advisory

Affected packages
3.1.0 <= ap20-mod_pubcookie < 3.3.2b


VuXML ID 1ca8228f-858d-11e0-a76c-000743057ca2
Discovery 2006-10-04
Entry 2011-05-23

Nathan Dors, Pubcookie Project reports:

An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web content and applications may result where access is restricted to users who can authenticate successfully but where no additional authorization is performed after authentication.