=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN077
_____________________________________________________________________

DATE                      : 26/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running OpenCA.

======================================================================
http://www.kb.cert.org/vuls/id/264385
______________________________________________________________________

Vulnerability Note VU#264385

OpenCA allows Cross site request forgery (XSRF)

Overview

    OpenCA contains a cross site request forgery (XSRF) vulnerability
    that may allow an attacker to leverage an administrator's
    credentials to execute activities on the Certification Authority.

I. Description

    The OpenCA PKI Development Project is an open source out-of-the-box
    Certification Authority (CA). OpenCA includes various web forms
    for executing requests and other activities on the CA such as
    digital certificate issuance. A cross site request forgery (XSRF)
    vulnerability exists in the way OpenCA processes requests executed
    via various forms. By manipulating an administrator who is
    authenticated to the CA via a session cookie to follow a tag
    that contains CA commands, an attacker may be able to successfully
    execute the commands on the CA.
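    The defence the advisory's fix implies is to stop treating a session
    cookie as proof that the user intended a state-changing request. The
    following is an added Python example, not OpenCA code: it contrasts a
    handler that honours any cookie-authenticated request with one that
    requires a per-session synchronizer token in the form body, insists on
    POST, and rejects mismatched Origin headers. The handler names, the
    `Session`/`Request` objects, the `/ca/issue` action and the site origin
    are assumptions made for illustration.

```python
"""Synchronizer-token CSRF protection for a form-driven CA front end.

Added example; not code from OpenCA or from the advisory. All names here
(Session, Request, SITE_ORIGIN, the handlers) are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical site origin of the CA web interface (constructed value).
SITE_ORIGIN = "https://ca.example.test"


@dataclass
class Session:
    """Server-side session bound to the cookie; carries a random CSRF token."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as seen by the application."""
    method: str
    form: Dict[str, str]
    session: Optional[Session]          # resolved from the session cookie
    origin: Optional[str] = None        # Origin (or Referer) header, if sent


def render_issue_form(session: Session) -> str:
    """Embed the session's token in the form so only same-site pages can submit it."""
    return (
        '<form method="POST" action="/ca/issue">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input type="text" name="subject">'
        '<input type="submit" value="Issue certificate">'
        "</form>"
    )


def handle_issue_unprotected(req: Request):
    """Pre-fix pattern: a valid session cookie alone authorises the action.

    The browser attaches the cookie to cross-site submissions too, so a form
    planted on another site is accepted exactly like the administrator's own.
    """
    if req.session is None:
        return 403, "not authenticated"
    return 200, f"issued certificate for {req.form.get('subject', '')}"


def handle_issue_protected(req: Request):
    """Hardened handler: session cookie + POST + synchronizer token + Origin check."""
    if req.session is None:
        return 403, "not authenticated"
    if req.method != "POST":
        # State changes must not be reachable through a plain link or <img> tag.
        return 405, "state-changing action requires POST"
    submitted = req.form.get("csrf_token", "")
    expected = req.session.csrf_token
    # Constant-time comparison on bytes avoids both timing leaks and the
    # TypeError compare_digest raises on non-ASCII str input.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    # Defence in depth: when the browser sends an Origin/Referer, it must match.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    return 200, f"issued certificate for {req.form.get('subject', '')}"


if __name__ == "__main__":
    admin = Session(user="admin")
    # Legitimate submission from the form the server rendered (constructed).
    own = Request("POST", {"subject": "CN=user1", "csrf_token": admin.csrf_token},
                  admin, origin=SITE_ORIGIN)
    # Cross-site submission: cookie present, token absent (constructed).
    cross = Request("POST", {"subject": "CN=user2"}, admin,
                    origin="https://other.example.test")
    print("unprotected, cross-site:", handle_issue_unprotected(cross))
    print("protected,   cross-site:", handle_issue_protected(cross))
    print("protected,   own form  :", handle_issue_protected(own))
```

    The token must be unpredictable and tied to the session, not derived from
    anything a third-party page can read; the Origin check is a secondary
    layer only, because some clients omit the header, which is why an absent
    header is tolerated while a mismatching one is refused.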

II. Impact

    An authenticated user can be manipulated into executing activities
    on the CA - such as digital certificate issuance - without
    knowledge or consent.

III. Solution

    This vulnerability has been addressed in Security Advisory
    AKLINK-SA-2008-001 (https://www.cynops.de/advisories/CVE-2008-0556.txt).

Systems Affected

    Vendor       Status          Date Updated
    Open CA      Vulnerable      15-Feb-2008

References

    https://www.cynops.de/advisories/CVE-2008-0556.txt
    http://secunia.com/advisories/28951/
    http://www.owasp.org/index.php/XSRF

Credit

    This vulnerability was reported by Alexander Klink of Cynops
    GmbH.

    This document was written by Joseph W. Pruszynski.

Other Information

    Date Public              02/13/2008
    Date First Published     02/22/2008 04:41:00 PM
    Date Last Updated        02/25/2008
    CERT Advisory
    CVE Name                 CVE-2008-0556
    US-CERT Technical Alerts
    Metric                   2.39
    Document Revision        15


======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================
