Trustwave SpiderLabs Security Advisory TWSL2017-004: Unauthenticated Backdoor Access in Unanet Published: 02/08/2017 Version: 1.0 Vendor: Unanet Product: Unanet Version affected: All versions prior to Unanet versions 10.0.51, 10.1.43, and 10.2.5 Product description: Unanet is a project-management solution with a web interface. Finding 1: Unauthenticated Backdoor Access Credit: Chaim Sanders of Trustwave SpiderLabs The default configuration of the Unanet web application has a backdoor that can allow unauthenticated users to login and manipulate the user accounts and the roles they maintain. This vulnerability is due to a code branch that exists within the product. This code allows the product to maintain a hardcoded user that is unlisted in the users table of the database. The steps to reproduce the finding include the following: 1. Navigate to a Unanet site. 2. Open up a proxy such as Burp. 3. Proxy the initial login page through Burp 4. Add the ‘Cookie: unanetAccess=0%7CUNANET%7C__unanetAdministrator__%7C477c49a990eeabde873313578ce1daeb’ to the report 5. Forward the request and you will be logged into the application as Unanet Remediation Steps: Fixes for this issue were released in Unanet versions 10.0.51, 10.1.43, and 10.2.5. Revision History: 08/26/2016 - Vulnerability disclosed to vendor 10/17/2016 - Update requested, Response received 01/09/2017 - Patches released for this issue 02/08/2017 - Advisory published About Trustwave: Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com. About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.