PT-2006-3478 · Ipswitch · Ipswitch Whatsup Professional

Published: 2006-05-22 · Updated: 2018-10-18 · CVE-2006-2531

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ipswitch WhatsUp Professional version 2006

Description

The issue allows remote attackers to bypass authentication by spoofing the identity of a trusted console. This is achieved by setting the HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".

Recommendations

For Ipswitch WhatsUp Professional version 2006, consider disabling the use of HTTP headers for user identity verification until a more secure authentication method is implemented. Restrict access to the console to minimize the risk of exploitation. Avoid relying solely on HTTP headers for authentication.
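
A detection sketch for the header-based identity claim described above, added here as an example (it is not Ipswitch code and not part of the original advisory): it scans request logs for clients that present both trusted-console header values from an address outside a console allowlist. The JSON log layout, field names, and all addresses are constructed assumptions.

```python
import ipaddress
import json

# Header values named in the advisory description (compared exactly).
CONSOLE_HEADERS = {"user-agent": "Ipswitch/1.0", "user-application": "NmConsole"}

# Assumption: addresses where the legitimate console runs (constructed value).
TRUSTED_CONSOLES = [ipaddress.ip_network("10.0.5.10/32")]

# Constructed sample records; the JSON field names are hypothetical.
SAMPLE_LOG = """\
{"src": "10.0.5.10", "path": "/", "headers": {"User-Agent": "Ipswitch/1.0", "User-Application": "NmConsole"}}
{"src": "203.0.113.44", "path": "/", "headers": {"user-agent": "Ipswitch/1.0", "user-application": "NmConsole"}}
{"src": "198.51.100.7", "path": "/", "headers": {"User-Agent": "Mozilla/5.0"}}
{"src": "198.51.100.7", "path": "/", "headers": {"User-Agent": "Ipswitch/1.0"}}
"""

def claims_console_identity(headers):
    """True when a request carries both header values the product trusted."""
    # HTTP header names are case-insensitive, so normalise before comparing.
    norm = {k.strip().lower(): v.strip() for k, v in headers.items()}
    return all(norm.get(name) == value for name, value in CONSOLE_HEADERS.items())

def is_trusted(src):
    """True only for a parseable address inside the console allowlist."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_CONSOLES)

def find_suspect_requests(log_text):
    """Return (line number, source, path) for untrusted console claims."""
    suspects = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: nothing to evaluate
        src = str(rec.get("src", ""))
        if claims_console_identity(rec.get("headers", {})) and not is_trusted(src):
            suspects.append((lineno, src, rec.get("path", "")))
    return suspects

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print("console identity claimed by untrusted source:", hit)
```

A hit means a client asserted console identity purely through headers; it supports the recommendation to restrict console access by network location rather than by anything the client sends.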


Related identifiers

CVE-2006-2531

Affected products

Ipswitch Whatsup Professional