Security Flaw In SpiceWorks App Allows Anyone To Login With Admin Privileges

spiceworks flaw

Spiceworks community member Darren K. Smith has identified a critical security flaw in the latest version of Spiceworks application that allows anyone to login with admin privileges.
For those who don't know Spiceworks, it is an efficient and user-friendly application for managing IT-related tasks and assignments, ranging from running network inventories, creating a help desk, generating reports and troubleshooting potential problems.

The flaw allows anyone in a company with malicious intentions to use an alternate Facebook or LinkedIn account to log in as an administrator and wreak havoc in the system.

Joseph Griffin, Verification engineer at Spiceworks said on Tuesday that the glitch was replicated and that the security issue "requires immediate attention," a fix being planned for this week.

In order to stop the exploitation of this flaw, you should completely disable social sign-in in the application until an updated version containing a fix becomes available.

No comments

Powered by Blogger.