Date: 13 Jul 2009 15:15:33 -0000
From: [email protected]
To: [email protected]
Subject: DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
Title
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
Severity
Medium
Date Discovered
May 12, 2009
Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: Geoff Humes and r@b13$
Vulnerability Description
The login screen of the LogRover web interface is vulnerable to SQL injection, which can allow remote attackers to log in to the system via an authentication bypass.
Solution Description
Limit access to the login page to internal networks and trusted users only.
Tested Systems / Software (with versions)
------------------------------------------
LogRover version 2.3 for Windows XP
Vendor Contact
Name: LogRover
Website: http://www.logrover.com/