Auth bypass in Pineapp Mail-secure

CVE-2013-6828

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.

Vulnerability class: Broken Authentication

EPSS: 0.002 (47.6th percentile) — read the EPSS interpretation.

Affected products

Pineapp Mail-secure
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

20131119 pineapp mailsecure pwnage (mailing-list, x_refsource_FULLDISC)