VULHUB ™

A remote authentication bypass vulnerability affects Novell iChain. This issue is due to a failure of the application to properly implement security policies. It should be noted that this issue is only present if auto-created SSL certificates are used, internally signed certificates are used, or externally signed SSL certificates are used while the affected appliance has imported the ICS_TREE Selfsigned Certificate to iChains TrustedRoot Store while certificate mapping matches an internal user. It should also be noted that certificate matching can be achieved by an attacker with only an internal user's email address. A remote attacker may leverage this issue to bypass iChain identity-based authentication, granting them access to any protected network resources.

A remote authentication bypass vulnerability affects Novell iChain. This issue is due to a failure of the application to properly implement security policies. It should be noted that this issue is only present if auto-created SSL certificates are used, internally signed certificates are used, or externally signed SSL certificates are used while the affected appliance has imported the ICS_TREE Selfsigned Certificate to iChains TrustedRoot Store while certificate mapping matches an internal user. It should also be noted that certificate matching can be achieved by an attacker with only an internal user's email address. A remote attacker may leverage this issue to bypass iChain identity-based authentication, granting them access to any protected network resources.