TikiWiki userslib.php Authentication Bypass

2003-02-07T17:49:03
ID OSVDB:7432
Type osvdb
Reporter OSVDB
Modified 2003-02-07T17:49:03

Description

Vulnerability Description

TikiWiki contains a flaw that may allow a remote attacker to bypass authentication settings. The problem is that the 'userslib.php' script does not validate user-supplied input, which may allow a remote attacker to gain unauthorized access resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://tikiwiki.org/
Vendor Specific Advisory URL