Authentication Bypass Vulnerability in SurgeLDAP by Netwin
CVE-2004-2254

Currently unrated

Key Information:

Vendor: Netwin

CVE Published: 31 December 2004

What is CVE-2004-2254?

SurgeLDAP version 1.0g (Build 12) and earlier contain an authentication bypass vulnerability. Remote attackers can access the administration interface by manipulating the 'utoken' parameter in a direct request to admin.cgi. Unauthorized users can thereby reach critical management functions, exposing the system to malicious actions. Users of affected versions should consider immediate updates or mitigations to guard against this risk.

EPSS Score

13% chance of being exploited in the next 30 days.
