Computer Security


OpenVAS Manager / OpenVAS Administrator authentication bypass
Published: 09.12.2013
Source:
SecurityVulns ID: 13447
Type: remote
Threat Level: 5/10
Description: Access to some commands is not authenticated.
Affected: OPENVAS : OpenVAS Manager 4.0
 OPENVAS : OpenVAS Administrator 1.3
CVE: CVE-2013-6766 (OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.)
 CVE-2013-6765 (OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.)
Original document: OPENVAS, [OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass (09.12.2013)
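
The state-handling flaw described in the CVE entries above, modelled as an added C example (not code from OpenVAS or from this page). CLIENT_AUTHENTIC comes from the CVE text; the other state names, the session struct, the functions and the use of get_tasks as a stand-in privileged command are assumptions. It compares the flawed transition with one that restores the pre-request state, as a regression check that an unauthenticated client stays rejected.

```c
#include <stdio.h>
#include <string.h>

/* CLIENT_AUTHENTIC is named in the CVE text; every other name here is hypothetical. */
typedef enum { CLIENT_TOP, CLIENT_GET_VERSION, CLIENT_AUTHENTIC } client_state;

typedef struct {
    client_state state;   /* current parser state */
    client_state resume;  /* state held before the element opened */
} session;

/* Opening tag: decide whether the element may start in the current state. */
static int start_element(session *s, const char *name) {
    if (strcmp(name, "get_version") == 0) {   /* allowed before login */
        s->resume = s->state;
        s->state = CLIENT_GET_VERSION;
        return 1;
    }
    return s->state == CLIENT_AUTHENTIC;      /* everything else needs a login */
}

/* Closing tag of get_version. flawed=1 models the reported behaviour: the
   handler always lands in CLIENT_AUTHENTIC. flawed=0 restores the state the
   client held before the request. */
static void end_get_version(session *s, int flawed) {
    s->state = flawed ? CLIENT_AUTHENTIC : s->resume;
}

/* Version request on a fresh unauthenticated session, then report whether a
   privileged command would be accepted (1) or rejected (0). */
int privileged_after_version(int flawed) {
    session s = { CLIENT_TOP, CLIENT_TOP };
    if (start_element(&s, "get_version"))
        end_get_version(&s, flawed);
    return start_element(&s, "get_tasks");
}

/* The corrected transition must not log out a client that was authenticated. */
int authenticated_survives_version(void) {
    session s = { CLIENT_AUTHENTIC, CLIENT_AUTHENTIC };
    if (start_element(&s, "get_version"))
        end_get_version(&s, 0);
    return s.state == CLIENT_AUTHENTIC;
}

int main(void) {
    printf("privileged command accepted: flawed=%d corrected=%d\n",
           privileged_after_version(1), privileged_after_version(0));
    return authenticated_survives_version() ? 0 : 1;
}
```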

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod