PT-2010-2307 · Geo++ · Geo++ Gncaster

Published: 2010-02-04 · Updated: 2018-10-10 · CVE-2010-0550

CVSS v2.0: 4.0 Medium

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Geo++ GNCASTER versions 1.4.0.7 and earlier

Description

The issue concerns the admin.htm page in Geo++ GNCASTER, where HTTP Digest Authentication is not properly enforced, allowing remote authenticated users to bypass the intended server policy by using HTTP Basic Authentication.

Recommendations

For versions 1.4.0.7 and earlier, consider disabling HTTP Basic Authentication to enforce the intended server policy until a proper fix is available. Restrict access to the admin.htm page to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2010-0550

Affected Products

Geo++ Gncaster