D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19659.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: zdi
Published: 2024-05-03T01:56:47.263Z
Updated: 2024-06-05T19:38:05.699Z
Reserved: 2023-05-03T20:10:47.063Z
Link: CVE-2023-32169
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-05-03T02:15:22.230
Modified: 2024-05-03T12:50:34.250
Link: CVE-2023-32169
JSON object: View
Redhat Information
No data.
CWE