Cacti auth_login.php bypass access restriction Vulnerability (CVE-2016-2313)

Cacti auth_login.php bypass access restriction Vulnerability (CVE-2016-2313)
Cacti auth_login.php bypass access restriction Vulnerability (CVE-2016-2313)

Release date:
Updated on:

Affected Systems:

Cacti Cacti < 0.8.8g

Description:

CVE (CAN) ID: CVE-2016-2313

Cacti is a database round robin (RRD) tool that helps you create images from database information. It has multiple Linux versions.

In Cacti 0.8.8g or earlier versions, auth_login.php has a security vulnerability. Remote users verified on the Web can use non-cacti database users to log on, bypassing the target access restriction.

<* Source: dps
*>

Suggestion:

Vendor patch:

Cacti
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://bugs.cacti.net/view.php? Id = 2656

-------------------------------------- Split line --------------------------------------

In RHEL6.4, the Cacti + Spine monitoring host is used to send mail alarms.

Use Cacti + Spine to monitor remote hosts in RHEL6.4

CentOS 5.5 complete installation of Cacti + Spine

Cacti construction document under CentOS 6

Detailed description of Cacti monitoring deployment under RHEL5.9

How to install Cacti in CentOS 6.3

Quick installation and configuration of Cacti in CentOS Linux

-------------------------------------- Split line --------------------------------------

Cacti details: click here
Cacti: click here

This article permanently updates the link address: