Web Application Security
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Ektron CMS Take Over - Hijacking Accounts
Jan 30 2014 09:08AM
Mark Litchfield (mark securatary com)
I have detailed a vulnerability within Ektron CMS that allows an
unauthenticated user to hijack any account. The clear targets of choice
for this CMS would be the builtin or admin account.
Whilst I found this issue back in 2012, it appears that around 65% are
still vulnerable and should be patc...
Copyright 2010, SecurityFocus