ACal.Calendar.Cookie.Based.Authentication.Bypass

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in the ACal Calendar Project.
The vulnerability is due to an error in the "login.php" script. The script relies on the "ACalAuthenticate" cookie parameter to determine if a user has been successfully authenticated. This can be exploited by remote attackers to bypass the authentication process and gain unauthorized access to the application, by setting the "ACalAuthenticate" parameter to "inside".
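The check below is an added example, not part of the original advisory or of any vendor signature: it flags requests that present the cookie described above from a client that was never seen submitting the login form. It assumes the application sets the cookie after a login through "login.php"; the request tuples, client addresses and every path other than login.php are constructed for illustration.

```python
from urllib.parse import unquote

COOKIE_NAME = "ACalAuthenticate"   # cookie named in the description above
AUTH_VALUE = "inside"              # value named in the description above


def parse_cookie_header(header):
    """Return {name: value} parsed from a Cookie request header."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            # PHP URL-decodes cookie values, so compare the decoded form.
            cookies[name.strip()] = unquote(value.strip().strip('"'))
    return cookies


def find_unearned_auth_cookies(requests):
    """Flag requests carrying the auth cookie from clients with no prior
    POST to login.php (heuristic: any login POST counts as a login)."""
    logged_in = set()
    alerts = []
    for seq, (client, method, path, cookie_header) in enumerate(requests):
        if method == "POST" and path.split("?")[0].endswith("/login.php"):
            logged_in.add(client)
            continue
        value = parse_cookie_header(cookie_header).get(COOKIE_NAME)
        if value == AUTH_VALUE and client not in logged_in:
            alerts.append((seq, client, path))
    return alerts


# Constructed sample traffic: (client, method, path, Cookie header)
SAMPLE = [
    ("192.0.2.10", "POST", "/acal/login.php", ""),
    ("192.0.2.10", "GET", "/acal/admin/edit.php", "ACalAuthenticate=inside"),
    ("198.51.100.7", "GET", "/acal/admin/edit.php", "lang=en; ACalAuthenticate=inside"),
    ("203.0.113.5", "GET", "/acal/calendar.php", "lang=en"),
]

if __name__ == "__main__":
    for seq, client, path in find_unearned_auth_cookies(SAMPLE):
        print(f"request {seq}: {client} sent {COOKIE_NAME}={AUTH_VALUE} "
              f"to {path} without a prior login")
```

A cookie value the client can choose freely cannot distinguish a real login from a forged one on its own, which is why the check correlates it with login activity; a stricter version would also confirm that the login response succeeded.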

Affected Products

ACal Project 2.2.5

Impact

Security Bypass.

Recommended Actions

Upgrade to the latest version of ACal Project (2.2.6 or later).

Coverage

IPS (Regular DB)
IPS (Extended DB)