In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth() allows a zero as the password.
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.19+ds1-2ubuntu1.1" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.26+ds1-1ubuntu0.1" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.28+ds1-4ubuntu1" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "0.8.8b+dfsg-5ubuntu0.2+esm2" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "0.8.8f+ds1-4ubuntu4.16.04.2+esm2" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.1.38+ds1-1ubuntu0.1~esm4" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.10+ds1-1ubuntu1.1+esm2" } ] }