Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22154
HistoryJul 13, 2009 - 12:00 a.m.

DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass

2009-07-1300:00:00
vulners.com
39
logrover
sql injection
authentication bypass
digital defense inc.
vulnerability
windows xp
web interface
remote attackers
internal networks
trusted users
vendor contact

Title

DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass

Severity

Medium

Date Discovered

May 12, 2009

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Geoff Humes and r@b13$

Vulnerability Description

The login screen of the LogRover web interface is vulnerable to a SQL Injection which can allow remote attackers to
login to the system via an authentication bypass.

Solution Description

Limit access to the login page to internal networks and trusted users only.

Tested Systems / Software (with versions)

LogRover version 2.3 for Windows XP

Vendor Contact

Name: LogRover
Website: http://www.logrover.com/