LedgerSMB / SQL-Ledger Authentication Bypass

Medium

Synopsis

The remote web server contains a Perl application that is prone to an authentication bypass issue.

Description

The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host contains a design flaw that a remote attacker can leverage to bypass authentication and gain administrative access to the application.

Solution

If using LedgerSMB, upgrade to 1.1.9 or higher. There is no known solution for SQL-Ledger at this time.