Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported.
The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) consists in the fact that an attacker can bypass the application's primary authentication mechanism without needing to possess valid credentials. The attack vector is network-based, requires no privileges or user interaction, which means full possibility of remote exploitation of the vulnerability.
An attacker can gain unauthorized access to the system, which in the case of full CVSS scope (C:H/I:H/A:H) means potential takeover of the application, access to sensitive data, its modification, and disruption of service availability.
No official patch available — the manufacturer does not support the product. It is recommended to immediately withdraw XPodas Octopod application from production use or isolate it from the network. If migration is not possible, compensating access controls should be implemented at the network level (firewall, VPN) and a security review of the environment where the application operates should be conducted.
XPodas Octopod in all versions before v1. The vendor confirmed that the product is no longer supported.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H