Hidden Support Account with Hard-Coded Password in TitanHQ WebTitan

Hidden Support Account with Hard-Coded Password in TitanHQ WebTitan

CVE-2019-19021 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.

Learn more about our Web App Pen Testing.