Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses >> CitrusDB Remote Authentication Bypass Vulnerability

Vulnerability Assessment Details

CitrusDB Remote Authentication Bypass Vulnerability
Vulnerability Assessment Summary
Acertains the presence of CitrusDB

Detailed Explanation for this Vulnerability Assessment

The remote host is running CitrusDB, an open source customer database
application written in PHP.


This version of CitrusDB is vulnerable to an Authentication bypass
vulnerability in the way it handles cookies based authentication.

A possible hacker, to exploit this flaw, needs to know a valid username.
By default CitrusDB comes with admin user. A possible hacker will just need
to send a MD5 hash of username + 'boogaadeeboo' as cookie to be
authenticated as administrator.

Solution : Upgrade to a newer version when available
Network Security Threat Level: High

Networks Security ID: 12560, 12557

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security
Cables, Connectors


SanDisk 32GB Ultra Dual Drive USB Type-C, USB 3.1 Flash Drive - SDDDC2-032G-G46 picture

SanDisk 32GB Ultra Dual Drive USB Type-C, USB 3.1 Flash Drive - SDDDC2-032G-G46

$10.99


SanDisk 512GB Ultra Drive Dual Go USB Type-C Flash Drive Green SDDDC3-512G-G46G picture

SanDisk 512GB Ultra Drive Dual Go USB Type-C Flash Drive Green SDDDC3-512G-G46G

$49.99


SanDisk 128GB Ultra Flair USB 3.0 Flash Drive - SDCZ73-128G-G46 picture

SanDisk 128GB Ultra Flair USB 3.0 Flash Drive - SDCZ73-128G-G46

$12.99


SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46 picture

SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46

$6.25


Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack picture

Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack

$4.99


Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof picture

Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof

$8.37


Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory picture

Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory

$24.99


New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB picture

New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB

$18.99


USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT picture

USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT

$249.37


Lot USB Flash Drive Memory Stick Pendrive Thumb Drive 2GB,4GB, 8G, 32G, 64G 128G picture

Lot USB Flash Drive Memory Stick Pendrive Thumb Drive 2GB,4GB, 8G, 32G, 64G 128G

$414.85


Discussions

No Discussions have been posted on this vulnerability.