-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product
Vendor: DS Data Systems (UK) Ltd.
"KonaKart is an affordable java based shopping cart software solution for online retailers.
Let KonaKart help increase your eCommerce sales."
"KonaKart is a Java eCommerce system aimed at medium to large online retailers."
This vulnerability affects versions of the KonaKart Storefront Application prior to 7.3.0.0.
The vendor has released a CSRF fix as part of version 7.3.0.0, see
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.
Severity: Medium
The existing CSRF protection token was properly checked on every POST request.
However, when a state-changing request was converted from POST to GET (with the
same parameters supplied in the query string), the action was still executed,
but the CSRF token check was no longer applied. An attacker could therefore
trigger any state-changing action on behalf of a logged-in victim with a plain
cross-site GET request (e.g. an image or link on an attacker-controlled page),
without knowing the victim's token.
A proof-of-concept exploit was responsibly provided to the vendor along with the
vulnerability report. It used the CSRF protection bypass to change a logged-in
victim's mail address to an attacker-supplied mail address; the attacker could
then use the regular password reset function to have a reset sent to that
address and take over the victim's account.
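As an added illustration (not KonaKart's code; the action name ChangeEmail, the
csrfToken parameter and the /konakart/ path are assumptions), the following
Python model shows the filter logic behind this class of bug: a token check that
is keyed on the HTTP method, a servlet-style parameter lookup that merges query
and form parameters so a GET reaches the same code path, and the fix that binds
state-changing actions to POST plus a valid token.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Names below (ChangeEmail, csrfToken, /konakart/...) are assumptions for
# illustration; they are not KonaKart's real action or parameter names.
STATE_CHANGING_ACTIONS = {"ChangeEmail", "ChangePassword", "Checkout"}


@dataclass
class Session:
    """Server-side session: the victim's browser sends its cookie automatically."""
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))
    email: str = "victim@example.com"


@dataclass
class Request:
    method: str
    path: str
    query: dict          # parameters from the URL
    body: dict           # parameters from a POST form body
    session: Session

    @property
    def action(self) -> str:
        return self.path.rsplit("/", 1)[-1]

    @property
    def params(self) -> dict:
        # Servlet-style getParameter(): query-string and form-body parameters
        # are merged, so an action reading "email" accepts it from a GET too.
        return {**self.query, **self.body}


def token_ok(req: Request) -> bool:
    """Compare the submitted token with the session token in constant time."""
    supplied = req.params.get("csrfToken", "")
    return hmac.compare_digest(supplied, req.session.csrf_token)


def vulnerable_filter(req: Request) -> bool:
    """Models the pre-7.3.0.0 behaviour: the token is enforced only for POST.
    A GET carrying the same parameters is waved through untouched."""
    if req.method == "POST":
        return token_ok(req)
    return True


def fixed_filter(req: Request) -> bool:
    """Hardened version: state-changing actions must be POST *and* carry a
    valid token; read-only actions stay reachable via GET."""
    if req.action in STATE_CHANGING_ACTIONS:
        return req.method == "POST" and token_ok(req)
    return True


def dispatch(csrf_filter, req: Request) -> int:
    """Run the filter, then the action. Returns an HTTP-style status code."""
    if not csrf_filter(req):
        return 403
    if req.action == "ChangeEmail":
        req.session.email = req.params["email"]
    return 200


def cross_site_attack(csrf_filter):
    """Replay the advisory's scenario: the victim is logged in, and an
    attacker-controlled page makes the browser issue a GET (for example via
    an <img src=...>). The cookie goes along; the token does not."""
    victim = Session()
    forged = Request("GET", "/konakart/ChangeEmail",
                     {"email": "attacker@example.com"}, {}, victim)
    return dispatch(csrf_filter, forged), victim.email


def legitimate_change(csrf_filter):
    """The storefront's own form: POST with the session's token in the body."""
    user = Session()
    form = Request("POST", "/konakart/ChangeEmail", {},
                   {"email": "new@example.com", "csrfToken": user.csrf_token}, user)
    return dispatch(csrf_filter, form), user.email


if __name__ == "__main__":
    print("vulnerable:", cross_site_attack(vulnerable_filter))  # (200, 'attacker@example.com')
    print("fixed:     ", cross_site_attack(fixed_filter))       # (403, 'victim@example.com')
```

The check in the fixed filter is deliberately keyed on the action, not the
method: rejecting GET for state-changing actions closes the bypass, and the
token check on the remaining POST path is what stops a forged cross-site POST.
Relying on the method alone in either direction reproduces the original bug.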
2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 7.3.0.0
2014-09-20 Advisory published via BugTraq
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
http://www.christian-schneider.net/advisories/CVE-2014-5516.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAlQd69cACgkQXYAsOfddvFOTVACgr/f5+x5kf60t5LaCqhH0pvSY
QYoAnjiI0WSa3iGuw/OfXk3/vLV+liFm
=61mn
-----END PGP SIGNATURE-----