Web Dictate Admin Null Password Vulnerability

2006-09-05T00:00:00
ID SECURITYVULNS:DOC:14149
Type securityvulns
Reporter Securityvulns
Modified 2006-09-05T00:00:00

Description

Web Dictate Admin Null Password Vulnerability

Software: Web Dictate Version: 1.02 Website: http://nchsoftware.com/

Description: Web Dictate is a dictation system that lets you record, edit and manage dictation over the internet. You, and other users, log into a server running Web Dictate to record dictation with any ordinary web browser.

Vulnerability: After assigning a password for the Admin account, it is possible to login as Admin with a null password.

Credit: Discovered by Revnic Vasile