This host is running aflog and is prone to a cookie-based authentication bypass vulnerability.
Successful exploitation allows an attacker to bypass authentication and gain administrative access. Impact Level: System
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace it with another one. For updates refer to http://www.aflog.org/
The flaw is due to inadequate verification of user-supplied input used for cookie-based authentication: setting the aflog_auth_a cookie to 'A' or 'O' bypasses authentication in edit_delete.php, edit_cat.php, edit_lock.php, and edit_form.php.
Affected: aflog versions 1.01 and prior on all platforms.
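The class of check described above, next to one way to harden it, as an added example that is not aflog's source code. Only the cookie name and the values 'A' and 'O' come from this advisory; the function names, the token layout, and the reading of 'A'/'O' as privilege markers are assumptions made for illustration.

```php
<?php
// Added illustration, not aflog code. Hypothetical names throughout,
// except the cookie name aflog_auth_a and the values 'A' / 'O'.

// Weak pattern: the cookie value itself is the only proof of authentication,
// so the server trusts whatever the client chooses to send.
function is_admin_weak(array $cookies): bool
{
    $v = $cookies['aflog_auth_a'] ?? '';
    return $v === 'A' || $v === 'O';
}

// Hardened pattern: cookie = level|expiry|HMAC-SHA256(level|expiry) keyed with
// a server-side secret, so a client cannot mint or alter a valid value.
function issue_token(string $level, string $key, int $ttl = 3600, ?int $now = null): string
{
    $payload = $level . '|' . (($now ?? time()) + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

function is_admin_hardened(array $cookies, string $key, ?int $now = null): bool
{
    $raw = $cookies['aflog_auth_a'] ?? '';
    if (!is_string($raw)) {                 // cookies can arrive as arrays
        return false;
    }
    $parts = explode('|', $raw);
    if (count($parts) !== 3) {
        return false;
    }
    [$level, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $level . '|' . $expiry, $key);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return false;
    }
    if (!ctype_digit($expiry) || (int)$expiry < ($now ?? time())) {
        return false;                       // malformed or expired token
    }
    return $level === 'A' || $level === 'O';
}

// Constructed demo values.
$key   = random_bytes(32);                  // per-installation secret, server-side only
$bare  = ['aflog_auth_a' => 'A'];           // bare value, as in the advisory
$valid = ['aflog_auth_a' => issue_token('A', $key)];

var_dump(is_admin_weak($bare), is_admin_hardened($bare, $key), is_admin_hardened($valid, $key));
```

A server-side session that stores the authenticated state and leaves only a random identifier in the cookie achieves the same goal without putting the privilege level on the client at all.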
Updated on 2017-03-28