ID de Prueba:	1.3.6.1.4.1.25623.1.0.800304
Categoría:	Web application abuses
Título:	aflog Cookie-Based Authentication Bypass Vulnerability
Resumen:	aflog is prone to an cookie-based authentication bypass vulnerability.
Descripción:	Summary: aflog is prone to an cookie-based authentication bypass vulnerability. Vulnerability Insight: The flaw is due to inadequacy in verifying user-supplied input used for cookie-based authentication by setting the aflog_auth_a cookie to 'A' or 'O' in edit_delete.php, edit_cat.php, edit_lock.php, and edit_form.php. Vulnerability Impact: Exploitation will allow an attacker to gain administrative access and bypass authentication. Affected Software/OS: aflog versions 1.01 and prior on all running platform Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4784 BugTraq ID: 31894 http://www.securityfocus.com/bid/31894 https://www.exploit-db.com/exploits/6818 http://securityreason.com/securityalert/4524 XForce ISS Database: aflog-aflogautha-security-bypass(46083) https://exchange.xforce.ibmcloud.com/vulnerabilities/46083
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.