Appweb 7.0.3 authCondition Authentication Bypass Vulnerabi

Question

Appweb < 7.0.3 authCondition Authentication Bypass Vulnerability Description According to its banner, the version of Appweb installed on the remote host is prior to 7.0.3. It is, therefore, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. Note that Nessus did not actually test for this issue, but instead has relied on the version in the server's banner. Solution Upgrade to Appweb version 7.0.3 or later. Output Version source : Mbedthis-Appweb/2.4.2 Installed version : 2.4.2 Fixed version : 7.0.3

Parweez · Answer

This is from an idrac scan.

Parweez · Answer

Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

I am also getting this error.

PowerEdge Hardware General

Was this post helpful?