OpenEdge AuthGw/AdminServer Auth Bypass pre-11.7.19,12.2.14,12.8.1
CVE-2024-1403 Published on February 27, 2024
Authentication Bypass in OpenEdge Authentication Gateway and AdminServer
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password. Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.
Vulnerability Analysis
CVE-2024-1403 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Products Associated with CVE-2024-1403
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-1403 are published in Progress Openedge:
Affected Versions
Progress OpenEdge:- Version 11.7.0 and below 11.7.19 is affected.
- Version 12.2.0 and below 12.2.14 is affected.
- Version 12.8.0 and below 12.8.1 is affected.
- Version 11.7.0 and below 11.7.19 is affected.
- Version 12.2.0 and below 12.2.14 is affected.
- Version 12.8.0 and below 12.8.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.