| 제목 | ColumbiaSoft Document Locator Authentication Bypass |
|---|
| 설명 | [Description]
The WebTools component of Document Locator allows remote attackers to bypass authentication by redirecting the application SQL login to a remote server to capture the application credentials.
[Additional Information]
The vulnerability was patched in Document Locator v7.2 SP4 and v2021.1.
[VulnerabilityType Other]
Authentication Bypass
[Vendor of Product]
ColumbiaSoft
[Affected Component]
The vulnerability lies in the Server field in the /api/authentication/login endpoint of the WebTools component.
[Attack Vectors]
Remote Web Request
[Discoverer]
Micah Van Deusen and Matt Biedronski
|
|---|
| 사용자 | mvdeusen (UID 57334) |
|---|
| 제출 | 2023. 10. 27. PM 02:54 (2 연령 ago) |
|---|
| 모더레이션 | 2023. 10. 27. PM 03:53 (60 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 243729 [ColumbiaSoft Document Locator 전에 7.2 SP4/2021.1 WebTools login Server 약한 인증] |
|---|
| 포인트들 | 17 |
|---|