FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.
References
| Link | Resource |
|---|---|
| https://improsec.com/en/responsible-disclosure | Third Party Advisory |
| https://www.adminbyrequest.com/en/releasenotes | |
| https://improsec.com/en/responsible-disclosure | Third Party Advisory |
| https://www.adminbyrequest.com/en/releasenotes |
Configurations
History
21 Nov 2024, 04:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://improsec.com/en/responsible-disclosure - Third Party Advisory | |
| References | () https://www.adminbyrequest.com/en/releasenotes - |
25 May 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fasttracksoftware:admin_by_request:*:*:*:*:*:*:*:* | |
| References |
|
Information
Published : 2020-01-23 15:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-17202
Mitre link : CVE-2019-17202
CVE.ORG link : CVE-2019-17202
JSON object : View
Products Affected
fasttracksoftware
- admin_by_request
CWE
CWE-269
Improper Privilege Management