3 matches found
CVE-2018-7739
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the...
CVE-2018-7739
CVE-2018-7739 affects Antsle’s antMan web management console (pre-0.9.1a). A remote attacker can bypass authentication by sending invalid characters in the username and password to the /login URI. The login flow uses Java’s ProcessBuilder to invoke a root-privileged bash script (antsle-auth) with...
CVE-2018-7739
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the...