Security Alert: Sharepoint Vulnerability Could Lead to Theft of User Credentials

 
 
By eweek  |  Posted 2004-04-06
 
 
 
 
 
 
 

Security watchers at iDefense noted that remote exploitation of a cross-site scripting (XSS) vulnerability in Microsoft Corp.'s SharePoint Portal Server 2001 allows for the theft of user credentials.

Editor's Note: A security alert is presented daily to eWEEK.com readers by iDefense Inc., a security research company based in Reston, Va.

Severity: Medium

Analysis: Remote exploitation of a cross-site scripting (XSS) vulnerability in Microsoft Corp.'s SharePoint Portal Server 2001 allows for the theft of user credentials.

Microsoft SharePoint Portal Server is an enterprise application that gives users the ability to create web portals with integrated document management services. The problem specifically exists in the way that the server sanitizes user-supplied data. Information such as cookies and website history is susceptible to being viewed by a remote entity.

Exploitation of this vulnerability requires a user to be socially engineered into following a malicious link. Once this is accomplished, an attacker can acquire cookie information, credentials and system information of the user.

Detection: Microsoft SharePoint Portal Server 2001 SP1/SP2/SP2A are vulnerable.

Exploit: iDefense is currently unaware of any publicly available exploit code for this issue; however, the issue is trivially exploitable.

Vendor Fix: Microsoft has provided a fix for this vulnerability in the form of a service pack that is available at the link shown. SharePoint Portal Server 2001 SP3: http://support.microsoft.com/?kbid=837017

iDefense provides security intelligence to governments and Fortune 1000 organizations, and provides this daily threat alert to eWEEK.com.

Check out eWEEK.com's Security Center at http://security.eweek.com for security news, views and analysis.
 
 
 
 
 
 
 
 
 
 
 
