| Title | ColumbiaSoft Document Locator Authentication Bypass |
|---|---|
| Description | [Description]<br>The WebTools component of Document Locator allows remote attackers to bypass authentication by redirecting the application SQL login to a remote server to capture the application credentials.<br>[Additional Information]<br>The vulnerability was patched in Document Locator v7.2 SP4 and v2021.1.<br>[VulnerabilityType Other]<br>Authentication Bypass<br>[Vendor of Product]<br>ColumbiaSoft<br>[Affected Component]<br>The vulnerability lies in the Server field in the /api/authentication/login endpoint of the WebTools component.<br>[Attack Vectors]<br>Remote Web Request<br>[Discoverer]<br>Micah Van Deusen and Matt Biedronski |
| User | mvdeusen (UID 57334) |
| Submission | 10/27/2023 14:54 (2 years ago) |
| Moderation | 10/27/2023 15:53 (60 minutes later) |
| Status | Accepted |
| VulDB entry | 243729 [ColumbiaSoft Document Locator prior 7.2 SP4/2021.1 WebTools login Server improper authentication] |
| Points | 17 |