HP Quality Center Authentication Bypass
- Published: 3 Oct 2008
- Type: HP Quality Center Unauthenticated Access
- Severity: High
Affected Products
HP Quality Center
CVE
CVE-2009-0116
HP Quality Center versions 9.0 and 9.2 makes extensive use of ActiveX components and auxiliary client side DLL’s. During use of the application, allot of client side processing takes place. By exploiting the weak trust boundary between the server and the client components, it is possible to bypass authentication for the HP Quality Center administrative pages.