VTiger CRM Authentication Bypass Vulnerability Network Vulnerability

Summary

vTiger CRM Authentication Bypass Vulnerability

Impact

A remote attacker can bypass the authentication machanism.

Solution

Apply the patch from the link below or upgrade to version 6.0 or later.

Insight

The installed vTiger CRM is prone to an authentication bypass vulnerability. The vulnerable code is located in the validateSession() function, which is defined in multiple SOAP services.

Affected

vTiger CRM version 5.1.0 to 5.4.0.

Detection

Tries to exploit the vulnerability by calling the respective SOAP call.

References

http://karmainsecurity.com/KIS-2013-08
http://www.osvdb.com/95903
https://www.vtiger.com/blogs/?p=1467

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3215
CVSS Base Score: 9.4
AV:N/AC:L/Au:N/C:C/I:C/A:N

Related Vulnerabilities

3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
ASUS RT56U Router Multiple Vulnerabilities
b2ePMS Multiple SQL Injection Vulnerabilities
ActivePerl perlIS.dll Buffer Overflow

Take action and discover your vulnerabilities