SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Analytics | Sonicwall | * | 2.5.0.4-r7 (including) |
| Global_management_system | Sonicwall | * | 9.3.2 (excluding) |
| Global_management_system | Sonicwall | 9.3.2 (including) | 9.3.2 (including) |
| Global_management_system | Sonicwall | 9.3.2-sp1 (including) | 9.3.2-sp1 (including) |