DotNetNuke Identity Authentication Bypass Vulnerability Network Vulnerability

Summary

The host is installed with DotNetNuke and is prone to Authentication Bypass vulnerability.

Impact

Successful exploitation could allows remote attackers to bypass security restrictions via unknown vectors related to a 'unique id' and impersonate other users and possibly gain elevated pivileges. Impact Level: Application

Solution

Upgrade to DotNetNuke version 4.9.0 or latest For updates refer to http://www.dotnetnuke.com/

Insight

The vulnerability is caused due improper validation of a user identity.

Affected

DotNetNuke versions 4.4.1 to 4.8.4.

References

http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx
http://xforce.iss.net/xforce/xfdb/45081

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7100

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Adobe JRun Management Console Multiple Vulnerabilities
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities