CVE-2023-51638

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-51638
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-24-111/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:alltena:allegra:*:*:*:*:*:*:*:*
History

03 Jan 2025, 20:19

Type Values Removed Values Added
CPE cpe:2.3:a:alltena:allegra:*:*:*:*:*:*:*:*
Summary
  • (es) Vulnerabilidad de omisión de autenticación de credenciales codificadas de forma rígida en Allegra. Esta vulnerabilidad permite a atacantes remotos omitir la autenticación en las instalaciones afectadas de Allegra. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe dentro de la configuración de una base de datos. El problema es el resultado del uso de una contraseña codificada de forma rígida. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticación en el sistema. Era ZDI-CAN-22360.
References () https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html - () https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html - Release Notes
References () https://www.zerodayinitiative.com/advisories/ZDI-24-111/ - () https://www.zerodayinitiative.com/advisories/ZDI-24-111/ - Third Party Advisory
First Time Alltena allegra
Alltena

22 Nov 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-22 20:15

Updated : 2025-01-03 20:19

NVD link : CVE-2023-51638

Mitre link : CVE-2023-51638

CVE.ORG link : CVE-2023-51638

JSON object : View

Products Affected

alltena

  • allegra
CWE
CWE-798

Use of Hard-coded Credentials