
Improper Authentication

High
matks published GHSA-ccvh-jh5x-mpg4 Jul 2, 2020

Package

No package listed

Affected versions

> 1.5.0.0

Patched versions

1.7.6.6

Description

Impact

The authentication system is malformed, and an attacker is able to forge requests and execute admin commands.

Patches

The problem is fixed in 1.7.6.6.

Workarounds

Enable the PS_COOKIE_CHECKIP configuration setting, though it may not be enough.

References

Improper Authentication - Generic (CWE-287)

Thanks to @komradz86 (his twitter and facebook)

Severity

High

CVE ID

CVE-2020-4074

Weaknesses

No CWEs

Credits