SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
References
Link | Resource |
---|---|
https://cwe.mitre.org/data/definitions/321.html | Technical Description |
https://forum.soplanning.org/viewforum.php?f=8 | Vendor Advisory |
https://labs.integrity.pt/advisories/cve-2020-13963/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-03-21 21:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-13963
Mitre link : CVE-2020-13963
CVE.ORG link : CVE-2020-13963
JSON object : View
Products Affected
soplanning
- soplanning
CWE
CWE-798
Use of Hard-coded Credentials