CVE-2007-2233

Name of the Vulnerable Software and Affected Versions Cosign versions 2.0.2 and earlier

Description The issue allows remote authenticated users to perform unauthorized actions as an arbitrary user. This is achieved by using CR (r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

Recommendations For Cosign versions 2.0.2 and earlier, update to a version later than 2.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the cosign-bin/cosign.cgi script to minimize the risk of exploitation. Avoid using the service parameter in the affected script until the issue is resolved.