CVE-2018-7739 in antmaninfo

Summary

antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

03/06/2018

Disclosure

03/06/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
114164antsle antman Web Management Console login ProcessBuilder access control264Proof-of-ConceptOfficial fixCVE-2018-7739

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!