SOLV-DB - Transparent Requests (#mvid4)

Document Title:
===============
SOLV-DB - Transparent Requests


mosi Vulnerability ID (mvid):
===============
4


Discovery Status:
=============
Fixed


CVSSv2 Overall Score:
===============
3


CVSSv2 Vector:
==============
(AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:H/CR:M/IR:M/AR:H)
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:H/CR:M/IR:M/AR:H)


Product & Service Introduction:
==============
The SOLV-DB is a central runner database used for simplifying the organisation and registration of runners for orienteering competitions in Switzerland and is provided by the Swiss Orienteering federation.
Every runner has their own runner ID, which is central to registering for events.


Abstract:
==============
Because the SOLV-DB does not use HTTPS, requests to it are not encrypted. Anyone able to sniff the network traffic can gather and steal confidential information.


Report Timeline:
==============
2016-11-29 - Vendor informed
2016-12-13 - Vendor reminder
2016-12-13 - Vendor acknowledgement
2016-12-13 - Vendor needs more time for solving
2017-01-19 - Experimental fix available, asking for implementation suggestions
2017-02-02 - Vendor finished implementation, fix approved by mosi Security Research


Affected Products:
=============
Swiss Orienteering Runner's Database


Exploitation Technique:
=============
Network sniffing


Security Level:
=============
Low


SOLV-DB - Session Takeover (#mvid3)

Document Title:
===============
SOLV-DB - Session Takeover


mosi Vulnerability ID (mvid):
===============
3


Discovery Status:
=============
No Fix


CVSSv2 Overall Score:
===============
2.4


CVSSv2 Vector:
==============
(AV:N/AC:M/Au:M/C:N/I:P/A:N/E:POC/RL:U/RC:C/CDP:L/TD:H/CR:L/IR:L/AR:H)
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:M/C:N/I:P/A:N/E:POC/RL:U/RC:C/CDP:L/TD:H/CR:L/IR:L/AR:H)


Product & Service Introduction:
==============
The SOLV-DB is a central runner database used for simplifying the organisation and registration of runners for orienteering competitions in Switzerland and is provided by the Swiss Orienteering federation.
Every runner has their own runner ID, which is central to registering for events.


Abstract:
==============
Simon Monai found a vulnerability in the database form that allowed him to take over another user's session.


Report Timeline:
==============
2016-11-29 - Vendor Informed
2016-12-13 - Vendor reminder
2016-12-13 - Vendor acknowledgement
2016-12-13 - Vendor will not fix vulnerability
2016-12-18 - Public Disclosure


Affected Products:
=============
Swiss Orienteering Runner's Database - Online Form


Exploitation Technique:
=============
HTTP Form Manipulation (Remote)


Security Level:
=============
Low


SOLV-DB - Runner ID changeable (#mvid2)

Document Title:
===============
SOLV-DB - Runner ID changeable


mosi Vulnerability ID (mvid):
===============
2


Discovery Status:
=============
No Fix


CVSSv2 Overall Score:
===============
6.1


CVSSv2 Vector:
==============
(AV:N/AC:M/Au:S/C:N/I:C/A:N/E:POC/RL:U/RC:C/CDP:L/TD:H/CR:L/IR:M/AR:H)
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:C/A:N/E:POC/RL:U/RC:C/CDP:L/TD:H/CR:L/IR:M/AR:H)


Product & Service Introduction:
==============
The SOLV-DB is a central runner database used for simplifying the organisation and registration of runners for orienteering competitions in Switzerland and is provided by the Swiss Orienteering federation.
Every runner has their own runner ID, which is central to registering for events.


Abstract:
==============
Simon Monai found a vulnerability in the database form that allowed him to change the runner's ID.


Report Timeline:
==============
2016-11-29 - Vendor information
2016-12-13 - Vendor reminder
2016-12-13 - Vendor acknowledgement
2016-12-13 - Vendor will not fix vulnerability
2016-12-18 - Public Disclosure


Affected Products:
=============
Swiss Orienteering Runner's Database - Online Form


Exploitation Technique:
=============
HTTP Form Manipulation (Remote)


Security Level:
=============
Medium


entry.picoevents.ch – SOLV-DB exploit (#mvid1)

Document Title:
===============
entry.picoevents.ch – SOLV-DB exploit


mosi Vulnerability ID (mvid):
===============
1


CVSSv2 Overall Score:
===============
5.7


CVSSv2 Vector:
==============
(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:ND/CDP:N/TD:H/CR:H/IR:M/AR:H)
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:ND/CDP:N/TD:H/CR:H/IR:M/AR:H)


Product & Service Introduction:
==============
picoEvents provides an online registration and live result service to simplify the timekeeping in orienteering combined with SPORTident.
http://picoevents.ch/


Abstract:
==============
Simon Monai found a vulnerability in the source code of the registration form. Using the exploit, it is possible to obtain the runner's SOLV-ID* and e-mail address, among other information.

* The SOLV-ID is a unique identifier used for the runner database of the Swiss orienteering federation (SOLV).


Report Timeline:
==============
2016-08-31: Vendor information
2016-09-30: Vendor reminder
2016-09-30: Vendor response, asking for further information
2016-10-17: Further information submitted, vendor response
2016-10-31: Patch release
2016-10-31: Patch approved by mosi security research
2016-11-04: Public Disclosure


Discovery Status:
=============
Patched - Public Disclosure


Affected Products:
=============
picoEvents entry form


Exploitation Technique:
=============
Remote


Security Level:
=============
Medium


Security Blog

This blog reports on recently discovered security vulnerabilities...