Signature Detail

HTTP: Datalust Seq CVE-2018-8096 Authentication Bypass

This signature detects attempts to exploit a known vulnerability against Datalust Seq version before 4.2.605. A successful attack can lead to Authentication Bypass.

Extended Description

Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.

Affected Products

• Datalust seq 1.3.
• Datalust seq 1.3.10
• Datalust seq 1.3.11
• Datalust seq 1.3.9
• Datalust seq 1.4.10
• Datalust seq 1.4.11
• Datalust seq 1.4.12
• Datalust seq 1.4.6
• Datalust seq 1.4.7
• Datalust seq 1.4.8
• Datalust seq 1.4.9
• Datalust seq 1.5.16
• Datalust seq 1.5.17
• Datalust seq 1.5.18
• Datalust seq 1.5.19
• Datalust seq 1.6.10
• Datalust seq 1.6.11
• Datalust seq 1.6.12
• Datalust seq 1.6.13
• Datalust seq 1.6.4
• Datalust seq 1.6.5
• Datalust seq 1.6.6
• Datalust seq 1.6.7
• Datalust seq 1.6.8
• Datalust seq 1.6.9
• Datalust seq 2.0.19
• Datalust seq 2.1.21
• Datalust seq 2.1.22
• Datalust seq 2.2.8
• Datalust seq 2.3.3
• Datalust seq 2.3.4
• Datalust seq 2.4.2
• Datalust seq 3.0.30
• Datalust seq 3.1.16
• Datalust seq 3.1.17
• Datalust seq 3.2.16
• Datalust seq 3.3.20
• Datalust seq 3.3.21
• Datalust seq 3.3.22
• Datalust seq 3.3.23
• Datalust seq 3.4.17
• Datalust seq 3.4.18
• Datalust seq 3.4.20
• Datalust seq 4.0.58
• Datalust seq 4.0.60
• Datalust seq 4.1.14
• Datalust seq 4.1.16
• Datalust seq 4.1.17
• Datalust seq 4.2.470
• Datalust seq 4.2.476

References

• CVE: CVE-2018-8096
• URL: https://github.com/datalust/seq-tickets/issues/675