Vulnerabilities > CVE-2007-3907 - Authentication Bypass vulnerability in LedgerSMB Login.PL

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ledgersmb

critical

NVD

Published: 2007-07-19

Updated: 2018-10-15

Summary

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

Vulnerable Configurations

Part	Description	Count
Application	Ledgersmb Ledgersmb Ledgersmb 1.2.0 Ledgersmb Ledgersmb 1.2.1 Ledgersmb Ledgersmb 1.2.2 Ledgersmb Ledgersmb 1.2.3 Ledgersmb Ledgersmb 1.2.4 Ledgersmb Ledgersmb 1.2.5 Ledgersmb Ledgersmb 1.2.6	7

References

http://secunia.com/advisories/26121
http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
http://www.ledgersmb.org/node/52
http://www.securityfocus.com/archive/1/473987/100/0/threaded
http://www.securityfocus.com/archive/1/473993/100/0/threaded
http://www.securityfocus.com/bid/24940
http://www.vupen.com/english/advisories/2007/2576
https://exchange.xforce.ibmcloud.com/vulnerabilities/35507