Информационная безопасность
[RU] switch to English


Обход авторизации в OpenVAS Manager / OpenVAS Administrator
Опубликовано:9 декабря 2013 г.
Источник:
SecurityVulns ID:13447
Тип:удаленная
Уровень опасности:
5/10
Описание:Нет ограничения доступа к некоторым командам.
Затронутые продукты:OPENVAS : OpenVAS Manager 4.0
 OPENVAS : OpenVAS Administrator 1.3
CVE:CVE-2013-6766 (OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.)
 CVE-2013-6765 (OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.)
Оригинальный текстdocumentOPENVAS, [OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass (09.12.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород