Fluid Attacks Database

Description

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	cacti	=1.2.16+ds1-2 \|\| =1.2.16+ds1-2+deb11u1 \|\| =1.2.16+ds1-2+deb11u2 \|\| =1.2.16+ds1-2+deb11u3 \|\| =1.2.16+ds1-2+deb11u4 \|\| =1.2.16+ds1-2+deb11u5 \|\| =1.2.19+ds1-1 \|\| =1.2.19+ds1-2 \|\| =1.2.20+ds1-1 \|\| =1.2.20+ds1-2 \|\| =1.2.21+ds1-1 \|\| =1.2.22+ds1-1 \|\| =1.2.22+ds1-2 \|\| =1.2.22+ds1-3 \|\| =1.2.23+ds1-1 \|\| =1.2.23+ds1-2 \|\| =1.2.24+ds1-1 \|\| =1.2.25+ds1-1 \|\| =1.2.25+ds1-2 \|\| =1.2.26+ds1-1 \|\| =1.2.27+ds1-1 \|\| =1.2.27+ds1-2 \|\| =1.2.28+ds1-1 \|\| =1.2.28+ds1-2 \|\| =1.2.28+ds1-3 \|\| =1.2.28+ds1-4 \|\| =1.2.30+ds1-1 \|\| =1.2.30+ds1-2 \|\| =1.2.30+ds1-3	-
debian 12	cacti	>=0 <1.2.23+ds1-1	1.2.23+ds1-1
debian 13	cacti	>=0 <1.2.23+ds1-1	1.2.23+ds1-1
debian 14	cacti	>=0 <1.2.23+ds1-1	1.2.23+ds1-1

Aliases

1. CVE-2022-485382. NVD-2022-485383. OSV-DEBIAN-2022-485384. OSV-2022-485385. SECURITY-TRACKER-CVE-2022-48538

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.