Web Application Security
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Ektron CMS Take Over - Hijacking Accounts
Jan 30 2014 09:08AM
Mark Litchfield (mark securatary com)
I have detailed a vulnerability within Ektron CMS that allows an
unauthenticated user to hijack any account. The clear targets of choice
for this CMS would be the builtin or admin account.

Whilst I found this issue back in 2012, it appears that around 65% are
still vulnerable and should be patc...

Copyright 2010, SecurityFocus