| Title | ColumbiaSoft Document Locator Authentication Bypass |
|---|---|
| Description | [Description]<br>The WebTools component of Document Locator allows remote attackers to bypass authentication by redirecting the application SQL login to a remote server to capture the application credentials.<br>[Additional Information]<br>The vulnerability was patched in Document Locator v7.2 SP4 and v2021.1.<br>[VulnerabilityType Other]<br>Authentication Bypass<br>[Vendor of Product]<br>ColumbiaSoft<br>[Affected Component]<br>The vulnerability lies in the Server field in the /api/authentication/login endpoint of the WebTools component.<br>[Attack Vectors]<br>Remote Web Request<br>[Discoverer]<br>Micah Van Deusen and Matt Biedronski |
| User | mvdeusen (UID 57334) |
| Submission | 27.10.2023 14:54 (2 years ago) |
| Moderation | 27.10.2023 15:53 (60 minutes later) |
| Status | accepted |
| VulDB entry | 243729 [ColumbiaSoft Document Locator before 7.2 SP4/2021.1 WebTools login Server weak authentication] |
| Points | 17 |