Bypassing Basic Authentication in Monitorix 3.13.0 Default Installation

Bypassing Basic Authentication in Monitorix 3.13.0 Default Installation

CVE-2021-3325 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.

Learn more about our Web Application Penetration Testing UK.