Datalust · Datalust Seq · CVE-2018-8096
Name of the Vulnerable Software and Affected Versions:
Datalust Seq versions prior to 4.2.605
Description:
An authentication bypass allows an attacker to obtain admin access. The bypass is triggered by a PUT request to the "api/settings/setting-isauthenticationenabled" endpoint with the parameter `Name` set to "isauthenticationenabled" and `Value` set to false.
Recommendations:
Update to version 4.2.605 or later to resolve the issue. As a temporary workaround, restrict access to the "api/settings/setting-isauthenticationenabled" endpoint to reduce the risk of exploitation. Until the update is applied, avoid sending the parameter `Name` with the value "isauthenticationenabled" and `Value` set to false to the affected API endpoint.
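One way to check reverse-proxy access logs for writes to this endpoint, as an added example that is not part of the advisory or Datalust's code. It assumes Combined Log Format lines from a proxy in front of Seq; `normalize`, `find_setting_writes` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the advisory; compared after decoding and lower-casing.
SETTING_PATH = "api/settings/setting-isauthenticationenabled"

# Combined Log Format (assumed proxy log layout, not Seq's own log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def normalize(target):
    """Decode and lower-case the path; drop the query string and extra slashes."""
    path = unquote(urlsplit(target).path).lower()
    return re.sub(r"/+", "/", path).strip("/")

def find_setting_writes(lines):
    """Return one finding per PUT request to the authentication setting endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "PUT":
            continue
        path = normalize(m["target"])
        # Also match when Seq is published under a base path such as /seq/.
        if path != SETTING_PATH and not path.endswith("/" + SETTING_PATH):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": status,
            # Assumption: a 2xx status means the setting change was accepted.
            "accepted": 200 <= status < 300,
        })
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2018:10:15:02 +0000] "PUT /api/settings/setting-isauthenticationenabled HTTP/1.1" 200 87',
    '198.51.100.4 - - [12/Feb/2018:10:16:40 +0000] "GET /api/settings/setting-isauthenticationenabled HTTP/1.1" 200 87',
    '203.0.113.9 - - [12/Feb/2018:10:17:11 +0000] "PUT /seq/API/Settings/setting%2Disauthenticationenabled?v=1 HTTP/1.1" 403 0',
    '198.51.100.4 - - [12/Feb/2018:10:18:05 +0000] "PUT /api/settings/setting-example HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for finding in find_setting_writes(SAMPLE_LOG):
        print(finding)
```

Findings with `accepted` set to true are the ones to triage first; a 403 shows the access restriction from the workaround doing its job.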