CVE-2012-1123

Published: 29 June 2012

The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.

Priority

Status

Package	Release	Status
mantis Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Ignored (end of life)
	natty	Released (1.1.8+dfsg-10squeeze2build0.11.04.1)
	oneiric	Ignored (end of life)
	precise	Not vulnerable (1.2.10-1)
	quantal	Not vulnerable (1.2.10-1)
	raring	Not vulnerable (1.2.10-1)
	saucy	Not vulnerable (1.2.10-1)
	upstream	Released (1.2.9)
	Patches: vendor: http://www.debian.org/security/2012/dsa-2500

References

https://www.cve.org/CVERecord?id=CVE-2012-1123
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662858
http://www.mantisbt.org/bugs/view.php?id=13901

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›