3 matches found
CVE-2013-6766
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENTAUTHENTIC...
CVE-2013-6766
OpenVAS Administrator (and Manager) is affected by an authentication bypass (CVE-2013-6766) where processing OMP/OAP version-info requests incorrectly sets the client state to CLIENT_AUTHENTIC, allowing unauthorized OAP commands. Affected: OpenVAS Administrator 1.2.x before 1.2.2 and 1.3.x before...
[OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass
Summary It has been identified that OpenVAS Manager and OpenVAS Administrator are vulnerable to authentication bypass due to an incorrect state assignment when processing OMP and OAP requests. It has been identified that this vulnerability may allow unauthorised access to OpenVAS Manager and...