This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:MISC:DATALUST-BYPASS
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Datalust Seq CVE-2018-8096 Authentication Bypass
|
Release Date |
2019/03/28
|
Update Number |
3157
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Datalust Seq CVE-2018-8096 Authentication Bypass
This signature detects attempts to exploit a known vulnerability against Datalust Seq version before 4.2.605. A successful attack can lead to Authentication Bypass.
Extended Description
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
Affected Products
- Datalust seq 1.3.
- Datalust seq 1.3.10
- Datalust seq 1.3.11
- Datalust seq 1.3.9
- Datalust seq 1.4.10
- Datalust seq 1.4.11
- Datalust seq 1.4.12
- Datalust seq 1.4.6
- Datalust seq 1.4.7
- Datalust seq 1.4.8
- Datalust seq 1.4.9
- Datalust seq 1.5.16
- Datalust seq 1.5.17
- Datalust seq 1.5.18
- Datalust seq 1.5.19
- Datalust seq 1.6.10
- Datalust seq 1.6.11
- Datalust seq 1.6.12
- Datalust seq 1.6.13
- Datalust seq 1.6.4
- Datalust seq 1.6.5
- Datalust seq 1.6.6
- Datalust seq 1.6.7
- Datalust seq 1.6.8
- Datalust seq 1.6.9
- Datalust seq 2.0.19
- Datalust seq 2.1.21
- Datalust seq 2.1.22
- Datalust seq 2.2.8
- Datalust seq 2.3.3
- Datalust seq 2.3.4
- Datalust seq 2.4.2
- Datalust seq 3.0.30
- Datalust seq 3.1.16
- Datalust seq 3.1.17
- Datalust seq 3.2.16
- Datalust seq 3.3.20
- Datalust seq 3.3.21
- Datalust seq 3.3.22
- Datalust seq 3.3.23
- Datalust seq 3.4.17
- Datalust seq 3.4.18
- Datalust seq 3.4.20
- Datalust seq 4.0.58
- Datalust seq 4.0.60
- Datalust seq 4.1.14
- Datalust seq 4.1.16
- Datalust seq 4.1.17
- Datalust seq 4.2.470
- Datalust seq 4.2.476
References