CVE-2021-28073 Scanner
Detects 'Authentication Bypass' vulnerability in ntopng affects v. before 4.2.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2021-28073 Scanner Detail
Ntopng is a network traffic monitoring tool used to analyze traffic flows on a particular network. It provides real-time visibility into network usage and helps identify patterns and potential security threats. With ntopng, users can monitor and analyze network traffic at a granular level, identifying the source and destination of packets, the protocol used, and the amount of data transferred.
However, this powerful network monitoring tool is not immune to vulnerabilities. Recently, ntopng has been found to have an authentication bypass vulnerability with the CVE-2021-28073 code. This vulnerability allows an attacker to bypass the web server's authentication with a specially crafted HTTP request. With this vulnerability, attackers can gain unauthorized access to sensitive information on the network, compromising the security of the entire network.
Exploiting the CVE-2021-28073 vulnerability in ntopng can lead to serious consequences for a network. Attackers can steal sensitive data or make unauthorized changes to network configurations and other critical resources. This vulnerability can also give attackers access to other parts of the network, allowing them to expand their attack surface and carry out more sophisticated attacks, such as ransomware or DDoS attacks.
In conclusion, every network monitoring tool like ntopng has its vulnerabilities, and it is important to take precautions to protect against them. With the pro features of the securityforeveryone.com platform, users can easily and quickly learn about vulnerabilities in their digital assets, keep track of the newest patch fixes, and protect their digital assets from various threats. Therefore, using Securityforeveryone.com, in conjunction with an extra layer of network security measures, will ensure that you have done all possible to secure your digital assets and protect against cyberattacks.
REFERENCES
- http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
- https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
- https://www.acunetix.com/vulnerabilities/web/ntopng-authentication-bypass-cve-2021-28073/
control security posture