CVE-2012-1123

MantisBT < 1.2.9 - Unauthenticated Authentication Bypass via Null Password

Title source: llm
STIX 2.1

Description

The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52313
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2500
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201211-01.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49572
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51199
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/06/9
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48258

Scores

EPSS 0.0373
EPSS Percentile 88.4%

Details

CWE
CWE-287
Status published
Products (28)
mantisbt/mantisbt 0.18.0
mantisbt/mantisbt 0.19.0 (4 CPE variants)
mantisbt/mantisbt 0.19.1
mantisbt/mantisbt 0.19.2
mantisbt/mantisbt 0.19.3
mantisbt/mantisbt 0.19.4
mantisbt/mantisbt 0.19.5
mantisbt/mantisbt 1.0.0 (9 CPE variants)
mantisbt/mantisbt 1.0.1
mantisbt/mantisbt 1.0.2
... and 18 more
Published Jun 29, 2012
Tracked Since Feb 18, 2026