Technical Advisory – KwikTag Web Admin Authentication Bypass
Summary: KwikTag is a digital document management solution. KwikTag Web Admin is used to administrate accounts and permissions of the KwikTag instance. KwikTag Web Admin grants an active session without properly validating expired admin credentials.

Location: ~/ktadmin/Default.aspx

Impact: An attacker can gain administrative access to KwikTag Web Admin by logging in as an admin account […]