CVE-2018-16286

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lg:supersign_cms:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:52

Type Values Removed Values Added
References () http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html - Exploit, Third Party Advisory () http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html - Exploit, Third Party Advisory

Information

Published : 2018-09-14 21:29

Updated : 2024-11-21 03:52


NVD link : CVE-2018-16286

Mitre link : CVE-2018-16286

CVE.ORG link : CVE-2018-16286


JSON object : View

Products Affected

lg

  • supersign_cms
CWE
CWE-287

Improper Authentication