CVE-2010-2029
Cybozu Office 7 Ktai and Dotsales - Unauthenticated Authentication Bypass via Cell Phone Unique ID
Title source: llmDescription
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39508
Various Sources x_refsource_confirm
http://cybozu.co.jp/products/dl/notice/detail/0034.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/63933
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57976
Various Sources x_refsource_misc
http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN87730223/index.html
Scores
EPSS
0.0035
EPSS Percentile
57.7%
Details
CWE
CWE-264
Status
published
Products (2)
cybozu/cybozu_dotsales
cybozu/cybozu_office
7
Published
May 24, 2010
Tracked Since
Feb 18, 2026