CVE-2007-2849 | Vulnerability Database | Aqua Security

KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.

Affected Software

Name	Vendor	Start Version	End Version
Knowledgetree_document_management	Knowledgetree_document_management	3.3.3 (including)	3.3.3 (including)
Knowledgetree	Ubuntu	dapper	*
Knowledgetree	Ubuntu	edgy	*
Knowledgetree	Ubuntu	feisty	*
Knowledgetree	Ubuntu	gutsy	*

References

http://osvdb.org/36578
http://secunia.com/advisories/25360
http://sourceforge.net/forum/forum.php?forum_id=698243
http://sourceforge.net/project/shownotes.php?release_id=510338
http://www.securityfocus.com/bid/24110
http://www.vupen.com/english/advisories/2007/1920
https://exchange.xforce.ibmcloud.com/vulnerabilities/34463
http://osvdb.org/36578
http://secunia.com/advisories/25360
http://sourceforge.net/forum/forum.php?forum_id=698243
http://sourceforge.net/project/shownotes.php?release_id=510338
http://www.securityfocus.com/bid/24110
http://www.vupen.com/english/advisories/2007/1920
https://exchange.xforce.ibmcloud.com/vulnerabilities/34463

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2849
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html