CVE-2007-1436 - Password Check vulnerability in LedgerSMB
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevent a password check from occurring. This vulnerability is addressed in the following product updates:
- SQL-Ledger, 2.6.26
- LedgerSMB, 1.1.9
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | LEDGERSMB_ADMIN_AUTH_BYPASS.NASL |
description | The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host contains a design flaw that can be leveraged by a remote attacker to bypass authentication and gain administrative access to the application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24784 |
published | 2007-03-09 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24784 |
title | LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass |
References
- http://secunia.com/advisories/24467
- http://secunia.com/advisories/24496
- http://securityreason.com/securityalert/2436
- http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965
- http://www.osvdb.org/33622
- http://www.osvdb.org/33623
- http://www.securityfocus.com/archive/1/462375/100/0/threaded
- http://www.securityfocus.com/bid/22889