Intrusion Prevention

Expinion.Net.MMS.Authentication.Bypass

Description

It indicates an attempt to gain Administrator access to News Manager Lite. News Manager Lite is a news management program for web sites. It runs on Microsoft Windows platforms and it is built in ASP. A vulnerability exists which could allow attackers to gain administrator access by setting the Admin parameter in the NEWS_LOGIN cookie.

Affected Products

Expinion.net News Manager Lite 2.5.

Impact

Gain Access.

Recommended Actions

Upgrade to Expinion.net News Manager Lite 2.6 or later.

CVE References

CVE-2004-1847