WaveMaker Studio Requires No Authentication

High | Nessus Plugin ID 60062

Synopsis

A web development application hosted on the remote web server does not require authentication.

Description

The version of WaveMaker Studio detected on the remote host does not require authentication. A remote, unauthenticated attacker could exploit this to create, modify, and deploy projects.

Solution

Configure WaveMaker Studio to require authentication using one of the methods in the referenced WaveMaker forum posts.

See Also

http://dev.wavemaker.com/forums/?q=node/2304

http://dev.wavemaker.com/forums/?q=node/8418

Plugin Details

Severity: High

ID: 60062

File Name: wavemaker_studio_no_auth.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 7/19/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: x-cpe:/a:vmware:wavemaker

Required KB Items: www/wavemaker_studio

Excluded KB Items: Settings/disable_cgi_scanning