{"vuid":"VU#566894","idnumber":"566894","name":"Visibility Software Cyber Recruiter authentication bypass vulnerability","keywords":["CWE-305","visibility","recruiter"],"overview":"Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages.","clean_desc":"CWE-305: Authentication Bypass by Primary Weakness: Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages, allowing an unauthenticated user to view protected data hosted on the website via the AppSelfService.aspx and AgencyPortal.aspx webpages.","impact":"An unauthenticated attacker can bypass authentication and view protected data hosted on the website via the AppSelfService.aspx and AgencyPortal.aspx webpages.","resolution":"Update: The vendor has released Visibility Software Cyber Recruiter 8.1.00 to address this vulnerability. Affected users are advised to upgrade to Visibility Software Cyber Recruiter 8.1.00 or higher.","workarounds":"","sysaffected":"","thanks":"Thanks to Brad Arndt and Michael Ledford for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-11-20T13:21:09Z","publicdate":"2014-01-27T00:00:00Z","datefirstpublished":"2014-02-03T18:01:08Z","dateupdated":"2014-02-03T18:01:08Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","cvss_temporalscore":"3.6","cvss_environmentalscore":"1.048918688323","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}