There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-01-27T00:00:00
Updated: 2024-08-03T13:47:04.552Z
Reserved: 2022-10-28T00:00:00
Link: CVE-2022-43978
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-27T22:15:08.533
Modified: 2024-11-21T07:27:28.303
Link: CVE-2022-43978
Redhat
No data.