Found where there is the ability to log in as admin without even needing a password. If your ASTPP server is on a public IP, I suggest you block all incoming traffic to it except from IP addresses deemed safe
@smrdoshi. This also affects ASTPP Enterprise servers. I just logged in as admin to a commercial 4.01 Enterprise server. Of course, I logged out immediately, but the next guy won’t be as nice. I believe this exploit may affect all 10,000 ASTPP installs worldwide.
1 Like
HI, this affect the Web portal of ASTPP?
yes