VULHUB ™

Due to authentication weaknesses in '.cobalt/siteUserMod/siteUserMod.cgi/' any user with Site Administrator access to a RaQ 1 or 2 with web administration enabled can elevate themselves to Server Administration access by changing the password of the 'admin' account. On RaQ3 products, a Site Administrator can change the password of any user except 'admin' . This is accomplished by copying and then modifying local copies of two frames of the web administration page, index.htm and right.htm .

Due to authentication weaknesses in '.cobalt/siteUserMod/siteUserMod.cgi/' any user with Site Administrator access to a RaQ 1 or 2 with web administration enabled can elevate themselves to Server Administration access by changing the password of the 'admin' account. On RaQ3 products, a Site Administrator can change the password of any user except 'admin' . This is accomplished by copying and then modifying local copies of two frames of the web administration page, index.htm and right.htm .