PT-2020-5380 · Mk · Mk-Auth

Merhawi Solomon Gebrekidan · Published 2020-06-29 · Updated 2021-07-21 · CVE-2020-14070

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: MK-AUTH version 19.01

Description: The issue concerns an authentication bypass in the web login functionality. This is due to guessable credentials for the admin access to the admin/executar login.php endpoint. The vulnerability is related to errors in handling registration data, which can allow a remote attacker to elevate their privileges.

Recommendations: For MK-AUTH version 19.01, consider restricting access to the admin/executar login.php endpoint until a fix is available. As a temporary workaround, review and strengthen the credentials used for admin access to prevent guessable credentials from being exploited.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2021-00370
CVE-2020-14070

Affected Products

Mk-Auth