Serendipity <= 1.1.3 Authentication Bypass
Medium Nessus Network Monitor Plugin ID 4163
SynopsisThe remote host is vulnerable to a flaw that allows for the bypassing of authentication
DescriptionThe remote host is running Serendipity, a web log application. This version of Serendipity is vulnerable to a flaw where authenticated users can access restricted 'administrative' functions. An attacker exploiting this flaw would require a user ID and password to some portion of the web application. Successful exploitation would allow the user to gain limited administrative access.
SolutionUpgrade to a version higher than 1.1.3 or 1.2-beta4.