Unanet provides end-to-end services automation; its web-based software enables the management of people and projects from a single database. According to the company, it offers “one look and feel, and one connected set of applications.”
The issue, Trustwave security researchers say, resides in a code branch within the Unanet product that maintains a hardcoded user, unlisted in the users table of the database. This user, they explain, was initially identified via a user enumeration vulnerability.
The user cannot log in directly, but because session cookies within Unanet function in a vulnerable manner, with zero entropy and no session timeouts, anyone can bypass the need to authenticate with this user. The construction of a Unanet session cookie, the researchers explain, includes UserID, username in uppercase, roles concatenated together with ‘^’, a static cookie value, and a digest.
http://www.securityweek.com/unanet-backdoor-allows-unauthenticated-access
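To make the two weaknesses the researchers describe concrete, here is an added example (not Unanet's code, nor from the article) that places a zero-entropy cookie layout of the kind described beside a hardened session design with random tokens and timeouts. The static value and digest function are not given in the article, so both are constructed placeholders, and the timeout values are assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Layout described in the article: UserID, upper-cased username, roles joined
# with '^', a static value and a digest. The real static value and digest
# algorithm are NOT in the article; these are constructed placeholders.
STATIC_VALUE = "STATIC-PLACEHOLDER"

def legacy_cookie(user_id: int, username: str, roles: list) -> str:
    """Zero-entropy layout: every field is derived from data a caller already
    knows, so the same inputs always reproduce the same cookie (assumed digest)."""
    payload = f"{user_id}|{username.upper()}|{'^'.join(roles)}|{STATIC_VALUE}"
    return payload + "|" + hashlib.sha256(payload.encode()).hexdigest()

IDLE_TIMEOUT = 15 * 60        # assumed: seconds of inactivity before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed: hard cap on total session lifetime

@dataclass
class Session:
    user_id: int
    roles: list
    created: float
    last_seen: float

class SessionStore:
    """Hardened form: the cookie is an opaque random token; identity and roles
    are kept server-side, and both idle and absolute timeouts are enforced."""
    def __init__(self) -> None:
        self._sessions: dict = {}

    def create(self, user_id: int, roles: list, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not derivable
        self._sessions[token] = Session(user_id, list(roles), now, now)
        return token

    def validate(self, token: str, now: Optional[float] = None) -> Optional[Session]:
        now = time.time() if now is None else now
        s = self._sessions.get(token)  # unknown token: no identity, no roles
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            del self._sessions[token]   # expired: the user must authenticate again
            return None
        s.last_seen = now
        return s
```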
That is why companies should be really careful when using backdoors, or, better, not use them at all. If it's there, someone will find it and exploit it.
Loi, I totally agree with you on this one. A backdoor is nothing but a necessary evil the majority of times. Somehow, some way, it will be discovered, and most likely by the bad guys. Organizations should stay away from creating backdoors because it auto-destructs.