TikiWiki Authentication Bypass Vulnerability Network Vulnerability

Summary

The host is installed with TikiWiki and is prone to Authentication Bypass vulnerability.

Impact

Successful exploitation could allows to bypass the authentication process to gain unauthorized access to the system with the privileges of the victim. Impact Level: Application

Solution

Upgrade to version 1.7.1.1 or latest http://info.tikiwiki.org/Get+Tiki

Insight

The flaw is due to improper validation of user login credentials. By entering a valid username, an arbitrary or null password, and clicking on the 'remember me' button.

Affected

TikiWiki Version 1.6.1 on all running platform.

References

http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846
http://xforce.iss.net/xforce/xfdb/40347

Updated on 2015-03-25

Severity

Classification

CVE CVE-2003-1574

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
Baby Gekko CMS Multiple Vulnerabilities
A-Blog 'sources/search.php' SQL Injection Vulnerability
Arkeia Appliance Multiple Vulnerabilities

Take action and discover your vulnerabilities