Novell iChain has been reported prone to multiple unspecified remote vulnerabilities. The first issue reported is an access control bypass issue surrounding the processing of UTF-8 encoded strings. The second issue surrounds the manipulation of login credentials through a cross-site scripting vulnerability. The third issue is a denial of service vulnerability triggered when a malicious URL request is made against the server. A fourth issue surrounds an information disclosure vulnerability in the VIA header. The fifth issue surrounds the insecure transmission of password and username credentials. These issue might allow an attacker to carry out denial of service attacks against the affected computer, gain unauthorized access to the affected software, manipulate login credentials of unsuspecting users, disclose sensitive iChain configuration information, and steal authentication credentials transmitted insecurely over public networks. It should be noted that these issues reportedly...
Novell iChain has been reported prone to multiple unspecified remote vulnerabilities. The first issue reported is an access control bypass issue surrounding the processing of UTF-8 encoded strings. The second issue surrounds the manipulation of login credentials through a cross-site scripting vulnerability. The third issue is a denial of service vulnerability triggered when a malicious URL request is made against the server. A fourth issue surrounds an information disclosure vulnerability in the VIA header. The fifth issue surrounds the insecure transmission of password and username credentials. These issue might allow an attacker to carry out denial of service attacks against the affected computer, gain unauthorized access to the affected software, manipulate login credentials of unsuspecting users, disclose sensitive iChain configuration information, and steal authentication credentials transmitted insecurely over public networks. It should be noted that these issues reportedly affected iChain version 2.3, however it is likely that other versions are affected as well.
