Vulnerabilities > CVE-2022-48538 - Incorrect Authorization vulnerability in Cacti 1.2.19

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

cacti

CWE-863

NVD

Published: 2023-08-22

Updated: 2023-08-28

Summary

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

Vulnerable Configurations

Part	Description	Count
Application	Cacti Cacti Cacti 1.2.19	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/Cacti/cacti/issues/5189
https://docs.cacti.net/Settings-Auth-LDAP.md