Truworth Online Time Sheet 2.1 Authentication Bypass vulnerability

Truworth Online Time Sheet 2.1 contains an authentication bypass vulnerability: the application fails to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access with admin privileges.

Software

Software Link: Truworth Online Time Sheet 2.1

Vulnerable Version: <= 2.1

Vendor Notification: rm@truworth.com at 2010-11-06 1:25AM

# No reply from vendor by 2010-11-13 # Advisory released.

Vulnerabilities

# Authentication Bypass # <= 2.1 # Unpatched

Appendix

[TXT] Truworth Online Time Sheet 2.1 Authentication Bypass vulnerability