Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

BID:4062 | URL:http://www.securityfocus.com/bid/4062 | BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability | URL:http://marc.info/?l=bugtraq&m=101318469216213&w=2 | HP:HPSBUX0202-185 | URL:http://online.securityfocus.com/advisories/3870 | VULNWATCH:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability | XF:hp-advancestack-bypass-auth(8124) | URL:http://www.iss.net/security_center/static/8124.php