Signature Detail
Short Name |
HTTP:PKG:SALESLOGIX-AUTH-BYPASS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Best Software SalesLogix Authentication Bypass |
Release Date |
2013/05/07 |
Update Number |
2260 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Best Software SalesLogix Authentication Bypass
This signature detects attempts to exploit a known flaw against Best Software SalesLogix application. A successful attack can lead to bypass the authentication mechanism and gain access to the affected application as an administrative user.
Extended Description
Best Software SalesLogix is affected by multiple vulnerabilities. These issues are due to design errors that reveal sensitive information, access control validation issues that allow unauthorized access and input validation issues facilitating SQL injection attacks. An attacker may leverage these issues to manipulate and disclose database contents through SQL injection attacks, steal authentication credentials due to information disclosure vulnerabilities and bypass authentication to gain administrator access to the server.
Affected Products
- Best Software SalesLogix
- SalesLogix Corporation SalesLogix 2000.0.0
References
- BugTraq: 11450
- CVE: CVE-2004-1605