[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Authentix Security Advisory

Title: Authentix Security Advisory
Released by: Lisa Saarloos
Date: 1st November 2000
Printable version: Click here
Security advisory: Authentix100

Release Date: 1 november 2000

Vendor: Flicks Software (http://www.flicks.com)

** Product Description

Authentix is a Windows-based product that offers cookie/form-based or 100%

cookie-free "Basic Authentication" website protection while keeping NT

Users Names and Passwords private. It protects all files, not just ASP

pages. It can validate against an internal database, a text file or an

external ODBC datasource. It requires Windows NT or Windows 2000 and IIS.

More information on Authentix can be found on


** Versions affected

All versions prior to version 5.3.

To check your current version number, start Authentix from the Start

Menu/Flicks Software, and look in the About box.

** Problem description

By using special characters in the URL combined with some special

circumstances it is possible to bypass the authentification mechanism of

Authentix100, thus not receiving a login-prompt. This allows arbitrary

users to view information that was not intented to be seen by them.

** Patch availability

Knowing the importance that Authentix100 plays in authentification methods,

Flicks Software has released version 5.3 of Authentix100.

All users of Authentix100 are strongly encouraged to upgrade to the latest

version of Authentix100 at


This upgrade, similar to the cost of the original product, is FREE.

** Technical support and contact

Please direct ALL questions regarding this issue to Scott Gordon at

scott@flicks.com. Emailing your questions will allow us to address your

concerns in the fastest manner possible.

** Credits

This bug was originally brought to the attention of Flicks Software by Lisa

Saarloos. She would like to thank Flicks Software for there cooperation in

resolving this issue and their prompt and kind response.

Beheer Magnashop International


Zeestraat 78


The Netherlands

+31 70 3604848

(C) 1999-2000 All rights reserved.