CRITICAL🇵🇱 Wersja polska

CVE-2023-51638

CVSS 9.8v3.1pub. 2024-11-22upd. 2025-01-03

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360.

🤖 AI Analysis
How it works

The vulnerability (CWE-798) results from the use of a static, hardcoded password in the database configuration of the Allegra application. Since the password is fixed and immutable, an attacker can discover or reproduce it and then use it to authenticate to the system without possessing valid credentials. The exploit requires no user interaction or any prior privileges, and the attack can be conducted remotely over the network.

Impact

An attacker can completely bypass the authentication mechanism and gain unauthorized access to the system, resulting in full compromise of confidentiality, integrity, and availability of data and applications.

Mitigation & patch

Allegra should be updated to version 7.5.1 or newer in accordance with release information available at https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html.

Who is affected

Selected installations of Alltena's Allegra application; specific versions indicated in manufacturer references (vulnerability fixed in version 7.5.1 according to release information).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Alltena Allegra

    APP
    Alltena
    < 7.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-6216CRITICAL9.8PL ✓ten sam produkt

Allegra: pominięcie uwierzytelnienia przez przewidywalny token odzyskiwania hasła

CVE-2023-51639CRITICAL9.8PL ✓ten sam produkt

Allegra: path traversal w downloadExportedChart umożliwia ominięcie uwierzytelnienia

CVE-2025-3485HIGH8.8ten sam produkt

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows ...

CVE-2025-3486HIGH8.8ten sam produkt

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows re...

CVE-2023-52333HIGH7.3ten sam produkt

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote att...