Summary
The remote OVS Administrator is prone to an authentication bypass.
Impact
Attackers can exploit this issue to gain unauthorized access to the affected application and perform certain actions.
Solution
Update to version 1.2.2 or 1.3.2.
Insight
A software bug in the server module 'OVS Administrator' allowed the OAP authentication procedure to be bypassed. The attack vector is remotely available if public OAP is enabled.
If the attack succeeds, the attacker gains partial rights to execute OAP commands.
Detection
Try to bypass OAP authentication by sending a specially crafted request.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-6766
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P