ntopng.Session.IDs.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in ntopng.
The vulnerability is due to a design error in the application when handling single or multiple HTTP requests. Via crafted HTTP requests, an unauthenticated remote attacker may be able to bypass authentication on vulnerable systems by guessing the session ID.
This signature uses the track and rate feature. The default threshold is 50 attempts per second.
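The rate condition described above can be approximated offline over HTTP request records. The following is an added example, not the vendor's signature logic or ntopng code. Assumptions: tracking is by source IP, an attempt is a request that presents a session ID, only distinct IDs are counted so a normal client reusing one cookie does not trigger, and the record layout and all sample values are constructed.

```python
from collections import defaultdict, deque

THRESHOLD = 50     # attempts per second (default threshold stated on this page)
WINDOW_MS = 1000   # one-second sliding window, in milliseconds


def detect_guessing(events, threshold=THRESHOLD, window_ms=WINDOW_MS):
    """Return {src_ip: timestamp_ms of the first moment the source had presented
    `threshold` distinct session IDs inside one sliding window}.

    `events` is an iterable of (timestamp_ms, src_ip, session_id), sorted by time.
    """
    recent = defaultdict(deque)          # src_ip -> deque of (ts, session_id)
    alerts = {}
    for ts, src, sid in events:
        q = recent[src]
        q.append((ts, sid))
        while ts - q[0][0] >= window_ms:  # expire entries older than the window
            q.popleft()
        if src not in alerts and len({s for _, s in q}) >= threshold:
            alerts[src] = ts
    return alerts


def sample_events():
    """Constructed records: one guessing source, two benign-looking ones."""
    ev = []
    # 60 distinct session IDs, one every 10 ms: crosses 50 per second.
    ev += [(100000 + 10 * i, "192.0.2.10", f"guess-{i:04d}") for i in range(60)]
    # Busy dashboard client: 200 requests per second, always the same session ID.
    ev += [(100000 + 5 * i, "198.51.100.7", "valid-session") for i in range(200)]
    # Distinct IDs but slow: 10 per second, stays under the threshold.
    ev += [(100000 + 100 * i, "203.0.113.5", f"slow-{i:04d}") for i in range(60)]
    return sorted(ev)


if __name__ == "__main__":
    for src, ts in detect_guessing(sample_events()).items():
        print(f"{src}: >= {THRESHOLD} distinct session IDs within 1 s at t={ts} ms")
```

A source that stays just under the threshold, like the third constructed client, is not flagged, so a rate rule of this kind complements the vendor fix and does not replace it.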
Affected Products
ntopng version 3.4.180616 and prior
Impact
Security Bypass: Remote attackers can bypass security features of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a
Coverage
IPS (Regular DB)
IPS (Extended DB)