Summary
The host is running Burden and is prone to an authentication bypass vulnerability.
Impact
Successful exploitation will allow attackers to log in as admin without providing credentials.
Impact Level: Application
Solution
Upgrade to Burden 1.8.1 or later.
For updates refer to https://github.com/joshf/Burden/releases/tag/1.8.1
Insight
The flaw is due to insufficient authentication when handling the 'burden_user_rememberme' cookie parameter. A remote unauthenticated user can set the 'burden_user_rememberme' cookie to '1' and gain administrative access to the application.
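To make the defect concrete, the following added example (constructed for this entry, not Burden's own code) contrasts the pattern the advisory describes, a remember-me cookie whose bare value is trusted, with a remember-me token bound to a server-side key: the cookie carries a user id, an expiry and an HMAC-SHA256 tag, and the server only honours it when the tag verifies and the expiry has not passed. The function names, the token layout and the DEMO_KEY value are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo secret for the example only; a real deployment loads a
# random per-installation key from configuration, never a literal in code.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def vulnerable_is_admin(cookie_value):
    """The pattern the advisory describes: any client can present '1'."""
    return cookie_value == "1"


def issue_token(user_id, expires_at, key=DEMO_KEY):
    """Build 'user_id.expires.mac' where mac = HMAC-SHA256(key, 'user_id.expires').

    The server issues this only after a successful password login.
    """
    payload = f"{user_id}.{expires_at}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{payload}.{mac}".encode()).decode()


def verify_token(cookie_value, now=None, key=DEMO_KEY):
    """Return the user id if the cookie holds a valid, unexpired token, else None.

    Every failure path (bad encoding, wrong shape, bad tag, expired) yields None,
    so a bare '1' or any other guessed value never grants a session.
    """
    if now is None:
        now = int(time.time())
    try:
        raw = base64.urlsafe_b64decode(cookie_value.encode()).decode()
        user_id, expires, mac = raw.rsplit(".", 2)
        expires_int = int(expires)
    except ValueError:  # binascii.Error and UnicodeError are ValueError subclasses
        return None
    expected = hmac.new(key, f"{user_id}.{expires}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so tag checking does not leak timing information.
    if not hmac.compare_digest(expected, mac):
        return None
    if expires_int <= now:
        return None
    return user_id


if __name__ == "__main__":
    token = issue_token("admin", int(time.time()) + 3600)
    print("bare '1' accepted by vulnerable check:", vulnerable_is_admin("1"))
    print("bare '1' accepted by hardened check:", verify_token("1") is not None)
    print("issued token resolves to:", verify_token(token))
```

Setting the remember-me cookie with the HttpOnly and Secure flags, and rotating the key on a suspected compromise, complete the fix; the essential change is that the server, not the client, decides what value proves an existing login.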
Affected
Burden version 1.8 and prior.
Detection
Send the crafted HTTP GET request and check whether it is possible to log in.
References
Severity
Classification
CVE: CVE-2013-7137
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities