Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

CitrusDB Remote Authentication Bypass Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Acertains the presence of CitrusDB

Detailed Explanation for this Vulnerability Test

The remote host is running CitrusDB, an open source customer database
application written in PHP.

This version of CitrusDB is vulnerable to an Authentication bypass
vulnerability in the way it handles cookies based authentication.

A possible hacker, to exploit this flaw, needs to know a valid username.
By default CitrusDB comes with admin user. A possible hacker will just need
to send a MD5 hash of username + 'boogaadeeboo' as cookie to be
authenticated as administrator.

Solution : Upgrade to a newer version when available
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.