QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15299

Published: Feb 24, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html

x_refsource_MISC

https://github.com/centreon/centreon/pull/8072

x_refsource_MISC

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.