CVE-2013-7379: API admin authentication weakness

May 16, 2014

The tomato API uses an access key to protect the admin API from unauthorized access. The key passed as parameter is checked to see if it is included in the configured value, not equal. As a result a single character contained in the key is sufficient to gain access to the admin API.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7379

Code Behaviors & Features

Detect and mitigate CVE-2013-7379 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →