#VU783 Authentication Bypass - CVE-2016-6434
Published: October 5, 2016 / Updated: October 7, 2016
Vulnerability identifier: #VU783
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-6434
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a local authenticated user to bypass authentication and obtain potentially sensitive information.
The weakness is caused by using of constant credential by the database. If the authenticated user can access the command-line interface (CLI) for the target system he can get database information from a local shell.
Successful exploitation of the vulnerability lets a local attacker to bypass authentication and disclose important data on the vulnerable system.
The weakness is caused by using of constant credential by the database. If the authenticated user can access the command-line interface (CLI) for the target system he can get database information from a local shell.
Successful exploitation of the vulnerability lets a local attacker to bypass authentication and disclose important data on the vulnerable system.