CVE-2004-2254 - Authentication Bypass vulnerability in SurgeLDAP Web Administration
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Exploit-Db
description | SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability. CVE-2004-2254. Webapps exploit for cgi platform |
id | EDB-ID:24094 |
last seen | 2016-02-02 |
modified | 2004-05-05 |
published | 2004-05-05 |
reporter | GSS IT |
source | https://www.exploit-db.com/download/24094/ |
title | SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability |