FreeBSD : mod_pubcookie -- Empty Authentication Security Advisory (1ca8228f-858d-11e0-a76c-000743057ca2)
High Nessus Plugin ID 54621
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionNathan Dors, Pubcookie Project reports :
An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web content and applications may result where access is restricted to users who can authenticate successfully but where no additional authorization is performed after authentication.
SolutionUpdate the affected package.