Clayton Lowell

Technical Advisory – KwikTag Web Admin Authentication Bypass

Summary: KwikTag is a digital document management solution. KwikTag Web Admin is used to administrate accounts and permissions of the KwikTag instance. KwikTag Web Admin grants an active session without properly validating expired admin credentials. Location: ~/ktadmin/Default.aspx Impact: An attacker can gain administrative access to KwikTag Web Admin by logging…

Read more
Clayton Lowell
Technical advisories
Vulnerability

July 6, 2020

3 mins read

Read more