CVE Vulnerabilities

CVE-2004-2254

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

Affected Software

Name Vendor Start Version End Version
Surgeldap Netwin 1.0a 1.0a
Surgeldap Netwin 1.0b 1.0b
Surgeldap Netwin 1.0d 1.0d
Surgeldap Netwin 1.0e 1.0e
Surgeldap Netwin 1.0f 1.0f
Surgeldap Netwin 1.0g 1.0g

References