Kahua Shared User Database Authentication Bypass Vulnerability
BID:21074
Info
Kahua Shared User Database Authentication Bypass Vulnerability
| Bugtraq ID: | 21074 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-5932 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Kahua Kahua 0.5.1 Kahua Kahua 0.6 Kahua Kahua 0.5 |
| Not Vulnerable: |
Kahua Kahua 0.7 |
Discussion
Kahua Shared User Database Authentication Bypass Vulnerability
Kahua is prone to an authentication-bypass vulnerability because of an access-validation error in the affected application.
An attacker may exploit this issue to bypass certain authentication mechanisms. This may lead to other attacks.
Versions prior to 0.7 are vulnerable to this issue.
Kahua is prone to an authentication-bypass vulnerability because of an access-validation error in the affected application.
An attacker may exploit this issue to bypass certain authentication mechanisms. This may lead to other attacks.
Versions prior to 0.7 are vulnerable to this issue.
Exploit / POC
Kahua Shared User Database Authentication Bypass Vulnerability
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
Kahua Shared User Database Authentication Bypass Vulnerability
Solution:
The vendor released an update to address this issue. Please contact the vendor for information on how to obtain and apply this update.
Solution:
The vendor released an update to address this issue. Please contact the vendor for information on how to obtain and apply this update.
References
Kahua Shared User Database Authentication Bypass Vulnerability
References:
References:
- Kahua Security Advisary 2006-001 (Kahua)
- Vendor Home Page (Kahua)