Authentication Bypass

2020-02-2511:38:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

60.8%

JSON

centreon/centreon is vulnerable to authentication bypass. Changing a password on a profile page by a valid user causes the contact_autologin_key value in database filed to be blank instead of NULL, allowing to partially bypass the authentication.

CPENameOperatorVersion
centreon/centreonle19.10.1
centreon/centreonle18.10.11
centreon/centreonle2.99.5
centreon/centreonle19.04.4

Name	Operator	Version
centreon/centreon	le	19.10.1
centreon/centreon	le	18.10.11
centreon/centreon	le	2.99.5
centreon/centreon	le	19.04.4

References

documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html

documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html

github.com/centreon/centreon/commit/f82dd3c4e53d348dedf1541b1da06fbf72489aec

github.com/centreon/centreon/pull/8072

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for VERACODE:22577