CVE-2006-2531 - Unspecified vulnerability in Ipswitch Whatsup Professional 2006

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
ipswitch
nessus
exploit available

Summary

Ipswitch WhatsUp Professional 2006 verifies the user's identity only via HTTP headers, which allows remote attackers to spoof a trusted console and bypass authentication by setting the HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".

Vulnerable Configurations

Part | Description | Count
Application | Ipswitch | 1

Exploit-Db

description: Ipswitch WhatsUp Professional 2006 Authentication Bypass Vulnerability. CVE-2006-2531. Remote exploit for hardware platform
id: EDB-ID:27891
last seen: 2016-02-03
modified: 2006-05-17
published: 2006-05-17
reporter: Kenneth F. Belva
source: https://www.exploit-db.com/download/27891/
title: Ipswitch WhatsUp Professional 2006 - Authentication Bypass Vulnerability

Nessus

NASL family: CGI abuses
NASL id: IPSWITCH_WHATSUP_AUTH_BYPASS.NASL
description: The remote host is running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host allows an attacker to bypass authentication with a specially crafted request.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21572
published: 2006-05-18
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/21572
title: Ipswitch WhatsUp Professional Crafted Header Authentication Bypass