George Theall of Tenable Security notified the LedgerSMB core team today
of an authentication bypass vulnerability allowing full access to the
administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The
problem is caused by the password checking routine failing to enforce a
passwo...
George Theall of Tenable Security notified the LedgerSMB core team today
of an authentication bypass vulnerability allowing full access to the
administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The
problem is caused by the password checking routine failing to enforce a
passwo...
[ more ]