Authentication Bypass Vulnerability in SmarterStats Web Server by SmarterTools
CVE-2011-2155

Currently unrated

Key Information:

Vendor: SmarterTools
CVE Published: 20 May 2011

What is CVE-2011-2155?

The SmarterStats 6.0 web server contains a vulnerability in its login form, specifically in the Login.aspx page, where the password field does not have the autocomplete feature disabled. This oversight allows attackers to exploit unattended workstations, potentially bypassing authentication measures and gaining unauthorized access. Users who leave their sessions open on shared or public computers are especially at risk, as sensitive information can be exposed through this flaw.
