The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-05-16T15:00:00
Updated: 2014-05-16T14:57:00
Reserved: 2014-05-14T00:00:00
Link: CVE-2013-7379
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-16T15:55:04.333
Modified: 2014-05-16T17:55:06.260
Link: CVE-2013-7379
JSON object: View
Redhat Information
No data.
CWE