This host is running aflog and is prone to a cookie-based authentication bypass vulnerability.
Successful exploitation allows an attacker to bypass authentication and gain administrative access. Impact Level: System
No solution or patch was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one. For updates refer to http://www.aflog.org/
The flaw is due to inadequate verification of user-supplied input used for cookie-based authentication: setting the aflog_auth_a cookie to 'A' or 'O' bypasses authentication in edit_delete.php, edit_cat.php, edit_lock.php, and edit_form.php.
aflog versions 1.01 and prior on all platforms
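The weak pattern described above, next to a hardened check, as an added example that is not aflog source code. The function names, the `role|expiry|HMAC` token layout, the key handling and the non-privileged value 'U' are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from aflog. All names here are hypothetical.

// Weak pattern: the privilege decision rests on a value the client fully controls.
function is_privileged_weak(array $cookies): bool
{
    $v = $cookies['aflog_auth_a'] ?? '';
    return $v === 'A' || $v === 'O';
}

// Hardened pattern: the server issues role|expiry|HMAC and keeps the key to itself.
function issue_token(string $role, int $expires, string $key): string
{
    $payload = $role . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

function is_privileged_hardened(array $cookies, string $key, int $now): bool
{
    $raw = $cookies['aflog_auth_a'] ?? '';
    if (!is_string($raw)) {
        return false;                       // e.g. aflog_auth_a[]=A arrives as an array
    }
    $parts = explode('|', $raw);
    if (count($parts) !== 3) {
        return false;                       // a bare 'A' or 'O' never gets past this point
    }
    [$role, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $role . '|' . $expires, $key);
    if (!hash_equals($expected, $mac)) {
        return false;                       // constant-time compare; rejects edited fields
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return false;                       // expired or malformed lifetime
    }
    return $role === 'A' || $role === 'O';
}

// Constructed sample cookies for a local run.
$key  = random_bytes(32);                   // assumption: per-installation server secret
$now  = time();
$bare = ['aflog_auth_a' => 'A'];
$good = ['aflog_auth_a' => issue_token('A', $now + 3600, $key)];
$user = issue_token('U', $now + 3600, $key);    // 'U' = hypothetical non-privileged value
$edit = ['aflog_auth_a' => 'A' . substr($user, 1)];  // role field changed after issue

var_dump(is_privileged_weak($bare));
var_dump(is_privileged_hardened($bare, $key, $now));
var_dump(is_privileged_hardened($good, $key, $now));
var_dump(is_privileged_hardened($edit, $key, $now));
```

A server-side session that stores the role and is looked up by an unguessable session ID achieves the same goal without putting the role in the cookie at all.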
Updated on 2017-03-28
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- ArticleFR CMS Multiple Vulnerabilities - Jan15
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability