ntopng Authentication Bypass (CVE-2021-28073) - Vulnerability Database

ntopng Authentication Bypass (CVE-2021-28073)

Description

ntopng versions prior to 4.2 contain an authentication bypass vulnerability (CVE-2021-28073) that allows attackers to circumvent the web interface authentication mechanism. By sending a specially crafted HTTP request, an attacker can gain unauthorized access to the ntopng web interface without providing valid credentials. This vulnerability affects the core authentication logic of the web server component.

Remediation

Immediately upgrade ntopng to version 4.2 or later to remediate this vulnerability. Follow these steps:

1. Verify your current ntopng version by checking the web interface or running:

ntopng --version

2. Download the latest stable version from the official ntopng website (https://www.ntop.org/)
3. Stop the ntopng service before upgrading
4. Install the updated version following the distribution-specific installation instructions
5. Restart the ntopng service and verify the new version is running
6. Review access logs for any suspicious authentication attempts or unauthorized access during the vulnerable period

As a temporary mitigation if immediate patching is not possible, restrict network access to the ntopng web interface using firewall rules to allow only trusted IP addresses.