Google Urchin <= 5.7.03 report.cgi Administrative Bypass
Medium Nessus Network Monitor Plugin ID 4242
Synopsis
The remote host is vulnerable to a flaw that allows for the bypassing of authentication.
Description
The remote host is running the Google Urchin web application.
This version of Urchin is reported prone to a flaw where an attacker can gain administrative access to the application. The 'report.cgi' script fails to adequately verify that the user is authorized. An attacker exploiting this flaw would be able to perform some subset of administrative duties without authentication.
Solution
Upgrade to a version of Urchin higher than 5.7.03.