PT-2023-14420 · Unknown · Pandora Fms

Publicado

2023-01-27

Atualizado

2023-06-27

CVE-2022-43978

CVSS v3.1

5.6

Média

Vetor

AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Pandora FMS version 7.64

Description The issue is related to improper authentication. The application checks for a valid session when a user is not attempting to log in. A static secret in the generatePublicHash function allows an attacker with knowledge of a valid session to bypass authentication checks.

Recommendations For Pandora FMS version 7.64, consider disabling the generatePublicHash function as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-287

Identificadores relacionados

CVE-2022-43978

Produtos afetados

Pandora Fms

PT-2023-14420 · Unknown · Pandora Fms

CVE-2022-43978

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4