CVE-2013-6766

Openvas Administrator - Authentication Bypass

Title source: rule

Description

OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.

References (3)

Scores

EPSS 0.0038
EPSS Percentile 59.3%

Classification

CWE
CWE-287
Status draft

Affected Products (7)

openvas/openvas_administrator
openvas/openvas_administrator
openvas/openvas_administrator
openvas/openvas_administrator
openvas/openvas_administrator
openvas/openvas_administrator
openvas/openvas_administrator

Timeline

Published May 19, 2014
Tracked Since Feb 18, 2026