Vulnerability Note VU#566894
Visibility Software Cyber Recruiter authentication bypass vulnerability
Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages.
CWE-305: Authentication Bypass by Primary Weakness:
Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages allowing unauthenticated user to view protected data hosted on the website via the AppSelfService.aspx and AgencyPortal.aspx webpages.
An unauthenticated attacker can bypass authentication and view protected data hosted on the website via the AppSelfService.aspx and AgencyPortal.aspx webpages.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Visibility Software||Affected||03 Dec 2013||03 Feb 2014|
CVSS Metrics (Learn More)
Thanks to Brad Arndt and Michael Ledford for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: Unknown
- Date Public: 27 Jan 2014
- Date First Published: 03 Feb 2014
- Date Last Updated: 03 Feb 2014
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.