CVE-2018-7739

Name of the Vulnerable Software and Affected Versions: antsle antman versions prior to 0.9.1a

Description: The issue allows remote attackers to bypass authentication by providing invalid characters in the username and password parameters. This can be achieved by sending a string, such as username=>&password=%0a, to the "/login" API endpoint. As a result, an attacker can obtain root permissions within the web management console. The root cause of this issue is the insufficient input validation in the antsle-auth bash script, which is used by the login process through Java's ProcessBuilder class.

Recommendations: For versions prior to 0.9.1a, update to version 0.9.1a or later to resolve the issue. As a temporary workaround, consider restricting access to the "/login" API endpoint to minimize the risk of exploitation. Additionally, avoid using special characters in the username and password parameters until the issue is resolved.