PT-2020-7674 · Unknown · Bs-Client Private Client

Published: 2020-02-13 · Updated: 2020-02-19

CVE-2014-4198

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
BS-Client Private Client versions 2.4 through 2.5

Description
A Two-Factor Authentication Bypass issue exists, allowing a malicious user to access privileged functions via an XML request. This request neglects the use of ADPswID and AD parameters.

Recommendations
For versions 2.4 and 2.5, consider restricting access to privileged functions until a fix is available. As a temporary workaround, ensure that all XML requests properly utilize the ADPswID and AD parameters to prevent bypassing two-factor authentication.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2014-4198

Affected Products

Bs-Client Private Client