An issue exists in genua genugate prior to 9.0 Z p19, 9.1.x up to and including 9.6.x prior to 9.6 p7, and 10.x prior to 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to authenticate a user. A specific authentication method does not check the provided data during login (when a certain manipulation occurs) and returns OK for any authentication request. This allows a malicious user to log in to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
Vulnerable Product |
---|
genua genuagate 10.1 |
genua genuagate |
genua genuagate 9.0 |
genua genuagate 9.6.0 |