| Title | ColumbiaSoft Document Locator Authentication Bypass |
|---|---|
| Description | [Description]<br>The WebTools component of Document Locator allows remote attackers to bypass authentication by redirecting the application SQL login to a remote server to capture the application credentials.<br>[Additional Information]<br>The vulnerability was patched in Document Locator v7.2 SP4 and v2021.1.<br>[VulnerabilityType Other]<br>Authentication Bypass<br>[Vendor of Product]<br>ColumbiaSoft<br>[Affected Component]<br>The vulnerability lies in the Server field in the /api/authentication/login endpoint of the WebTools component.<br>[Attack Vectors]<br>Remote Web Request<br>[Discoverer]<br>Micah Van Deusen and Matt Biedronski |
| User | mvdeusen (UID 57334) |
| Submission | 2023-10-27 14:54 (2 years ago) |
| Moderation | 2023-10-27 15:53 (60 minutes later) |
| Status | Accepted |
| VulDB Entry | 243729 [ColumbiaSoft Document Locator before 7.2 SP4/2021.1 WebTools login Server weak authentication] |
| Points | 17 |