Test ID: 1.3.6.1.4.1.25623.1.0.12078
Category: Web application abuses
Title: FlexWATCH Authentication Bypassing
Summary: There is a vulnerability in the current version of FlexWATCH that allows an attacker to access administrative sections without being required to authenticate.
Description:
Summary:
There is a vulnerability in the current version of FlexWATCH that allows an
attacker to access administrative sections without being required to authenticate.

Vulnerability Impact:
An attacker may use this flaw to gain the list of user accounts on this system
and the ability to reconfigure this service.

This is done by adding an additional '/' at the beginning of the URL.

Solution:
No known solution was made available for at least one year since
the disclosure of this vulnerability. Likely none will be provided anymore. General solution options
are to upgrade to a newer release, disable respective features, remove the product or replace the
product by another one.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 8942
Common Vulnerability Exposure (CVE) ID: CVE-2003-1160
http://www.securityfocus.com/bid/8942
http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt
http://www.osvdb.org/2842
http://securitytracker.com/id?1008049
http://secunia.com/advisories/10132
XForce ISS Database: flexwatch-slash-admin-access(13567)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13567
Copyright: Copyright (C) 2005 Noam Rathaus

© 1998-2024 E-Soft Inc. All rights reserved.