Home
Description
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user with local access to the server may bypass authentication.
References
www.thermofisher.com/...flow/ion-torrent-suite-software.html
assets.thermofisher.com/...0026163-Torrent-Suite-5.18-UG.pdf
documents.thermofisher.com/...and_Torrent_Suite_Software.pdf
