Alguest Grants Administrative Access to Remote Users
|
|
SecurityTracker Alert ID: 1007034
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 23 2003
|
Impact: User access via network
|
Version(s): 1.1b, 1.1c
|
Description: An authentication vulnerability was reported in the Alguest. A remote user can gain administrative access on the application.
SecurityFocus reported that a remote user can set a specific cookie when accessing the 'admin panel' to gain administrative access
to the application.
The report credits "MOD" <br014c1155@higrade.com.cy> with discovery, but did not indicate where the information
had been reported or if the vendor has been notified.
|
Impact: A remote user can gain administrator access to the application.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: sourceforge.net/projects/alguest/ (Links to External Site)
|
Cause: Authentication error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 21 Jun 2003 15:20:44 -0400
Subject: Alguest vulnerability
|
https://sourceforge.net/projects/alguest/
SecurityFocus reported a vulnerability in Alguest 1.1c and 1.1b. A remote user can
reportedly gain administrative access on the application by setting a specific cookie when
accessing the 'admin panel'.
The report credit s"MOD" <br014c1155@higrade.com.cy> with discovery.
|
|
