AlterPath Manager (APM) Console Server
AlterPath Manager (APM) allows any connected user to grant themselves administrator access.
AlterPath Manager 1.1.0 and below
Any authorized user of the APM 1.1.0 web interface can grant themselves administrator access. When saveUser.do is called, it does not confirm that the user has access to modify user accounts. By changing the adminUser value to "true", a user can save their account and be granted administrative privileges.
In the URL below, replace my_id, My+name, email and other user information as desired. Set the adminuser equal to "true" to grant escalated privileges--this will grant the user identified by userID (userID is an internal Cyclades identifier--it can be found in certain APM URLs or HTML pages):
Upgrade to version 1.2.0 or higher.
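The missing server-side check described above, shown beside a handler that enforces it. This is an added example, not Cyclades code and not part of the original advisory; only saveUser.do's adminUser and userID fields come from the page, while the account store, the `name` and `email` keys, the function names and the self-edit policy are assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class User:
    user_id: int
    name: str
    email: str
    admin_user: bool = False

class Forbidden(Exception):
    """Raised when the caller may not make the requested change."""

def sample_store():
    # Constructed accounts: 1 is an administrator, 7 is an ordinary user.
    return {1: User(1, "Admin", "admin@example.test", True),
            7: User(7, "Operator", "op@example.test", False)}

def _requested_admin(params, target):
    # An omitted adminUser field leaves the current privilege untouched.
    value = params.get("adminUser")
    return target.admin_user if value is None else value == "true"

def _apply(store, params):
    target = store[int(params["userID"])]
    updated = replace(target,
                      name=params.get("name", target.name),
                      email=params.get("email", target.email),
                      admin_user=_requested_admin(params, target))
    store[updated.user_id] = updated
    return updated

def save_user_unchecked(store, session_user_id, params):
    # Flaw described in the advisory: the caller's rights are never consulted,
    # so a client-supplied adminUser=true is written to the account.
    return _apply(store, params)

def save_user_checked(store, session_user_id, params):
    # Authorize against the server-side session, never against request fields.
    caller = store[session_user_id]
    target = store[int(params["userID"])]
    if not caller.admin_user:
        if target.user_id != caller.user_id:
            raise Forbidden("only administrators may modify other accounts")
        # Assumed policy: users may edit their own profile, not their privileges.
        if _requested_admin(params, target) != target.admin_user:
            raise Forbidden("only administrators may change adminUser")
    return _apply(store, params)
```
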
Updated information can be found on OSVDB.org under the following entries:
OSVDB-14074: Cyclades AlterPath Manager Privilege Escalation