CVE-2007-2232

Cosign <2.0.1 - Auth Bypass

Title source: llm

Description

The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jon Oberheide · text · webapps · cgi
https://www.exploit-db.com/exploits/29842

References (4)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/465386/100/100/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24845
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1359

Scores

EPSS 0.0290
EPSS Percentile 86.4%

Details

Status published
Products (12)
cosign/cosign 0.7.0
cosign/cosign 0.8.0
cosign/cosign 0.9.0
cosign/cosign 1.0
cosign/cosign 1.1
cosign/cosign 1.5
cosign/cosign 1.6
cosign/cosign 1.7
cosign/cosign 1.8
cosign/cosign 1.8.5
... and 2 more
Published Apr 25, 2007
Tracked Since Feb 18, 2026