V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

December 28, 2012 - 6:00am

PROBLEM:

eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

PLATFORM:

eXtplorer 2.x

ABSTRACT:

A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

REFERENCE LINKS:

Secunia Advisory SA51636
eXtplorer 2.1.3 Security Release

IMPACT ASSESSMENT:

Medium

DISCUSSION:

eXtplorer was notified of a problem within its authentication system. Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 have been found to be vulnerable to an authentication bypass bug.

IMPACT:

An error within the "ext_find_user()" function in users.php can be exploited to bypass the authentication mechanism and log in as an arbitrary user.

SOLUTION:

Update to version 2.1.3