Reported September 11, 2000 by Delphis Consulting

VERSIONS AFFECTED
  • WebClerk Server

DESCRIPTION

WebClerk consumes all available CPU for a period of time when extra-long strings are sent as the username and password responses via a modified sign-on HTML page.

DEMONSTRATION

By making a local copy of the web page, modifying it, and then submitting a large username and password to the server, a malicious user is able to cause the denial of service.
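Because the form can be edited in a local copy, any length limit in the HTML is not a control; the limit has to be enforced by the server before the credentials are processed. The sketch below is an added example, not code from the advisory or from the vendor: the function name `check_signon`, the field names and all size limits are assumptions chosen for illustration.

```python
from urllib.parse import parse_qs

# Assumed limits and field names; the advisory does not give WebClerk's.
MAX_BODY_BYTES = 4096
MAX_FIELD_CHARS = {"username": 64, "password": 128}


def check_signon(content_length, body):
    """Return (status, fields) for a sign-on POST.

    content_length: Content-Length header value as received (str or None).
    body: raw request body bytes (a real server would read at most
          MAX_BODY_BYTES from the socket after the header check passes).
    """
    # 1. Refuse on the declared size before reading or parsing anything.
    try:
        declared = int(content_length)
    except (TypeError, ValueError):
        return 411, None          # length required
    if declared < 0:
        return 400, None
    if declared > MAX_BODY_BYTES:
        return 413, None          # payload too large
    # 2. Do not trust the header: the body must match what was declared.
    if len(body) != declared:
        return 400, None
    # 3. Parse with a cap on the number of fields, then check each length.
    try:
        form = parse_qs(body.decode("ascii"), keep_blank_values=True,
                        strict_parsing=True, max_num_fields=8)
    except (ValueError, UnicodeDecodeError):
        return 400, None
    fields = {}
    for name, limit in MAX_FIELD_CHARS.items():
        values = form.get(name, [])
        # Exactly one non-empty value per field, within its limit.
        if len(values) != 1 or not 0 < len(values[0]) <= limit:
            return 400, None
        fields[name] = values[0]
    return 200, fields            # safe to hand to authentication
```

Rejecting on the declared length first means an oversized submission costs the server a header comparison rather than a parse of the full string.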

VENDOR RESPONSE

According to Delphis Consulting, the vendor has been notified but no response has been received.

CREDIT
Discovered by Delphis Consulting