CVE-2018-8096

Name of the Vulnerable Software and Affected Versions: Datalust Seq versions prior to 4.2.605

Description: The issue allows for authentication bypass, enabling an attacker to obtain admin access. This can be achieved by sending a PUT request to the "api/settings/setting-isauthenticationenabled" endpoint with the parameter Name set to "isauthenticationenabled" and Value set to false.

Recommendations: For versions prior to 4.2.605, update to version 4.2.605 or later to resolve the issue. As a temporary workaround, consider restricting access to the "api/settings/setting-isauthenticationenabled" endpoint to minimize the risk of exploitation. Avoid using the parameter Name with the value "isauthenticationenabled" and Value set to false in the affected API endpoint until the issue is resolved.