PROBLEM:
eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
PLATFORM:
eXtplorer 2.x
ABSTRACT:
A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.
REFERENCE LINKS:
Secunia Advisory SA51636
eXtplorer 2.1.3 Security Release
IMPACT ASSESSMENT:
Medium
DISCUSSION:
eXtplorer was notified of a problem within its authentication system: eXtplorer versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 have been found to be vulnerable to an authentication bypass bug.
IMPACT:
An error within the "ext_find_user()" function in users.php can be exploited to bypass the authentication mechanism and log in as an arbitrary user.