639696 – (CVE-2016-10700) <net-analyzer/cacti-1.0.0: Security bypass vulnerability

Bug 639696 (CVE-2016-10700) - <net-analyzer/cacti-1.0.0: Security bypass vulnerability

Summary: <net-analyzer/cacti-1.0.0: Security bypass vulnerability

Status:	RESOLVED FIXED

Alias:	CVE-2016-10700

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-12-04 01:47 UTC by GLSAMaker/CVETool Bot
Modified:	2018-11-25 00:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-12-04 01:47:25 UTC

CVE-2016-10700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10700):
  auth_login.php in Cacti before 1.0.0 allows remote authenticated users who
  use web authentication to bypass intended access restrictions by logging in
  as a user not in the cacti database, because the guest user is not
  considered. NOTE: this vulnerability exists because of an incomplete fix for
  CVE-2016-2313.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-12-04 01:48:20 UTC

@Maintainers please confirm if SLOT 0.8.8h is affected. 

Thank you

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-11-25 00:49:08 UTC

tree is clean now