LedgerSMB login.pl redirect Variable Authentication Bypass

2007-07-18T18:11:28
ID OSVDB:38219
Type osvdb
Reporter OSVDB
Modified 2007-07-18T18:11:28

Description

Solution Description

Upgrade to version 1.2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
Vendor Specific News/Changelog Entry: http://www.ledgersmb.org/node/52
Secunia Advisory ID:26121
Other Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0178.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0186.html
ISS X-Force ID: 35507
FrSIRT Advisory: ADV-2007-2576
CVE-2007-3907
Bugtraq ID: 24940