WinComLPD LPD Monitoring Server Authentication Bypass

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote service is affected by an authentication bypass
vulnerability.

Description :

The remote installation of WinComLPD fails to ensure that
authentication to its LPD Monitoring Server has been successful before
processing requests. A remote attacker can leverage this issue to
bypass authentication and gain administrative control of the affected
application.

Note that there are reportedly several other vulnerabilities
associated with this version of WinComLPD, including multiple buffer
overflows, although Nessus has not checked for them.

Solution :

Unknown at this time.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.8
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 30187 ()

Bugtraq ID: 27614

CVE ID: CVE-2008-5158