Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) consists of the ability to bypass the main authentication mechanism in the TeoBASE application. An attacker can remotely, without any privileges and without user interaction, bypass identity verification and gain unauthorized access to the system. The manufacturer, despite previous contact from researchers, did not respond to the report, which means there is no official statement or patch from TeoSOFT.
An attacker can gain full unauthorized access to the system — violating the confidentiality, integrity and availability of data — without the need to possess any access credentials.
Patches available from the manufacturer should be applied according to references. Due to the manufacturer's lack of response to the vulnerability report, it is recommended to contact TeoSOFT to obtain information about available updates and to consider implementing additional access controls (e.g., restricting network access to the application through a firewall) until an official patch is released.
TeoSOFT Software TeoBASE in all versions up to and including 2024-03-27.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H