| タイトル | ColumbiaSoft Document Locator Authentication Bypass |
|---|
| 説明 | [Description]
The WebTools component of Document Locator allows remote attackers to bypass authentication by redirecting the application SQL login to a remote server to capture the application credentials.
[Additional Information]
The vulnerability was patched in Document Locator v7.2 SP4 and v2021.1.
[VulnerabilityType Other]
Authentication Bypass
[Vendor of Product]
ColumbiaSoft
[Affected Component]
The vulnerability lies in the Server field in the /api/authentication/login endpoint of the WebTools component.
[Attack Vectors]
Remote Web Request
[Discoverer]
Micah Van Deusen and Matt Biedronski
|
|---|
| ユーザー | mvdeusen (UID 57334) |
|---|
| 送信 | 2023年10月27日 14:54 (2 年 ago) |
|---|
| モデレーション | 2023年10月27日 15:53 (60 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 243729 [ColumbiaSoft Document Locator 以前は 7.2 SP4/2021.1 WebTools login Server 弱い認証] |
|---|
| ポイント | 17 |
|---|