DotNetNuke Identity Authentication Bypass Vulnerability Network Vulnerability

Summary

The host is installed with DotNetNuke and is prone to Authentication Bypass vulnerability.

Impact

Successful exploitation could allows remote attackers to bypass security restrictions via unknown vectors related to a 'unique id' and impersonate other users and possibly gain elevated pivileges. Impact Level: Application

Solution

Upgrade to DotNetNuke version 4.9.0 or latest For updates refer to http://www.dotnetnuke.com/

Insight

The vulnerability is caused due improper validation of a user identity.

Affected

DotNetNuke versions 4.4.1 to 4.8.4.

References

http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx
http://xforce.iss.net/xforce/xfdb/45081

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7100
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Apache Solr Directory Traversal Vulnerability Jan-14
123 Flash Chat Multiple Security Vulnerabilities
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities