Unanet provides end-to-end services automation; its web-based software enables the management of people and projects from a single database. According to the company, it offers “one look and feel, and one connected set of applications.”
The issue, Trustwave security researchers say, resides in a code branch within the Unanet product that maintains a hardcoded user which is not listed in the users table of the database. This user, they explain, was initially identified via a user enumeration vulnerability.
The user cannot log in directly, but because session cookies within Unanet are constructed in a vulnerable manner, with zero entropy and no session timeouts, anyone can bypass the need to authenticate as this user. The construction of a Unanet session cookie, the researchers explain, includes the UserID, the username in uppercase, the roles concatenated together with ‘^’, a static cookie value, and a digest.
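The two weaknesses named above, a cookie built only from stable per-user fields (so it never changes) and no server-side timeout, are easiest to see side by side. The following Python is an added illustration, not Unanet's code or Trustwave's findings: `deterministic_cookie` models the weak pattern with a hypothetical SHA-256 stand-in for the digest, `repeats_across_logins` is a small audit check a reviewer can run against any session issuer, and `SessionStore` shows the hardened alternative (opaque random token, server-side expiry, and a check that the principal actually exists in the users table). All user ids, names and roles are constructed sample data.

```python
import hashlib
import secrets
import time

# Constructed sample users table; no relation to any real deployment.
USERS_TABLE = {1001: "alice", 1002: "bob"}


def deterministic_cookie(user_id, username, roles, static_value="STATIC"):
    """Models the weak pattern the article describes: every input is stable
    per user, so the cookie is identical on every login (zero entropy) and
    carries no expiry. The '^' join follows the article; the digest here is
    a hypothetical SHA-256 stand-in, not the product's actual scheme."""
    payload = f"{user_id}|{username.upper()}|{'^'.join(roles)}|{static_value}"
    digest = hashlib.sha256(payload.encode()).hexdigest()
    return f"{payload}|{digest}"


def repeats_across_logins(issue, logins=5):
    """Audit helper: issue several sessions for the same principal and report
    whether any token repeats. A sound scheme returns False every time."""
    tokens = {issue() for _ in range(logins)}
    return len(tokens) < logins


class SessionStore:
    """Hardened alternative: the cookie is an opaque random token that maps to
    server-side state, sessions expire after ttl_seconds, and a session is only
    issued for a user id present in the users table."""

    def __init__(self, users, ttl_seconds, clock=time.time):
        self.users = users
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be tested offline
        self._sessions = {}  # token -> (user_id, expires_at)

    def issue(self, user_id):
        if user_id not in self.users:
            # A hardcoded identity absent from the users table gets no session.
            raise PermissionError("unknown user id")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (user_id, self.clock() + self.ttl)
        return token

    def resolve(self, token):
        """Return the user id for a live session, or None if the token is
        unknown or has timed out (expired entries are dropped on sight)."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]
            return None
        return user_id


if __name__ == "__main__":
    weak = lambda: deterministic_cookie(1001, "alice", ["admin", "user"])
    print("weak scheme repeats across logins:", repeats_across_logins(weak))
    store = SessionStore(USERS_TABLE, ttl_seconds=600)
    print("hardened scheme repeats across logins:",
          repeats_across_logins(lambda: store.issue(1001)))
```

The audit helper is the part worth reusing: pointed at a real issuer it answers the zero-entropy question directly, and the injectable clock lets the timeout behaviour be exercised without waiting.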
http://www.securityweek.com/unanet-backdoor-allows-unauthenticated-access
Loi Van Tran says
That is why companies should be really careful when using backdoors, or better, not use them at all. If it's there, someone will find it and exploit it.
Mauchel Barthelemy says
Loi, I totally agree with you on this one. A backdoor is nothing but a necessary evil the majority of times. Somehow, some way, it will be discovered, and most likely by the bad guys. Organizations should stay away from creating backdoors because it auto-destructs.