Published: 14/03/2018 Updated: 28/02/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Datalust Seq prior to 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
datalust seq

# Exploit Title: Seq 42476 - Authentication Bypass # Date: 2018-08-02 # Exploit Author: Daniel Chactoura # Vendor Homepage: getseqnet/ # Software Link: getseqnet/Download/All # Version: <= 42476 # CVE : CVE-2018-8096 # Post Reference: mediumcom/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732 # coding=utf-8 ...

Seq versions 42476 and below suffer from an authentication bypass vulnerability ...

CWE-287 https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732 https://github.com/datalust/seq-tickets/issues/675 https://www.exploit-db.com/exploits/45136/https://nvd.nist.gov https://www.exploit-db.com/exploits/45136/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-8096

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect