CVE-2004-2254 - Plural Guests

Description

SurgeLDAP 1.0g (Build 12) and possibly other versions before 1.0h allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

Reference

http://netwinsite.com/surgeldap/updates.htm http://www.securityfocus.com/bid/10294 http://www.osvdb.org/5890 http://securitytracker.com/id?1010068 http://securitytracker.com/alerts/2004/May/1010113.html http://secunia.com/advisories/11549 https://exchange.xforce.ibmcloud.com/vulnerabilities/16076