Technical Advisory – ICTFAX 7-4 – Indirect Object Reference

Vendor: ICTFAX Vendor URL: https://www.ictfax.org Versions affected: ICTFax Version 4.0.2 Author: Derek Stoeckenius Summary ICTFax is fax to email software maintained by ICTInnovations. In version 7-4 of this product, available through the CentOS software repository, an indirect object reference allows a user of any privilege level to change the password of any other user within … Continue reading Technical Advisory – ICTFAX 7-4 – Indirect Object Reference