TUCoPS :: HP Unsorted L :: bt-21286.htm

LogRover SQL Injection Authentication Bypass
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass


Title=0D
-----=0D
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass=0D
=0D
Severity=0D
--------=0D
Medium=0D
=0D
Date Discovered=0D
---------------=0D
May 12, 2009=0D
=0D
Discovered By=0D
-------------=0D
Digital Defense, Inc. Vulnerability Research Team=0D
Credit: Geoff Humes and r@b13$=0D
=0D
Vulnerability Description=0D
-------------------------=0D
The login screen of the LogRover web interface is vulnerable to a SQL Injection which can allow remote attackers to login to the system via an authentication bypass.=0D
=0D
Solution Description=0D
--------------------=0D
Limit access to the login page to internal networks and trusted users only.=0D
=0D
Tested Systems / Software (with versions)=0D
------------------------------------------=0D
LogRover version 2.3 for Windows XP=0D
=0D
Vendor Contact=0D
--------------=0D
Name: LogRover=0D
Website: http://www.logrover.com/=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH