Lucene search
John LeitchZDI-14-249HistoryJul 18, 2014 - 12:00 a.m.
Advantech WebAccess Remote Authentication Bypass Vulnerability
2014-07-1800:00:00
John Leitch
www.zerodayinitiative.com
14
0.025 Low
EPSS
Percentile
90.1%
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message.
Related
cve
cve
CVE-2014-2367
2014-07-19 05:09:27
nvd
nvd
CVE-2014-2367
2014-07-19 05:09:27
cvelist
cvelist
CVE-2014-2367
2014-07-19 01:00:00
prion
prion
Code injection
2014-07-19 05:09:00
ics
ics
Advantech WebAccess Vulnerabilities
2018-09-06 12:00:00
nessus
nessus
Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities
2014-04-14 00:00:00
Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities
2017-02-14 00:00:00