Thursday, December 27, 2012

ICS-CERT Publishes opLYNX Advisory

Today the DHS ICS-CERT published an advisory for i-GEN Solutions’ opLYNX Central application. The advisory is based upon an authentication bypass vulnerability reported in a coordinated disclosure by Anthony Cicalla.

ICS-CERT reports that the vulnerability would allow a relatively unskilled attacker to remotely bypass the authentication on the system by using publicly available tools to disable JavaScript. The researcher has tested a new version of opLYNX and reports that it resolves the vulnerability.

Following an apparently common recent trend, i-GEN Solutions automatically installs the new version during logon and automatically applies it to the local system. It is nice to know that vendors have so thoroughly tested the revised version of the software that they know that it will properly work in all implementations of the system.

Interesting question: If i-GEN Solutions can change the base program remotely, apparently without notification or permission, could an attacker infiltrate their enterprise system and push a mass change that would corrupt all user systems?

