CVE-2004-2254 - Authentication Bypass vulnerability in SurgeLDAP Web Administration

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, netwin, exploit available

Summary

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

Exploit-DB

description: SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability. CVE-2004-2254. Webapps exploit for cgi platform
id: EDB-ID:24094
last seen: 2016-02-02
modified: 2004-05-05
published: 2004-05-05
reporter: GSS IT
source: https://www.exploit-db.com/download/24094/
title: SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability