Unrated severityNVD Advisory· Published Oct 25, 2023· Updated Sep 25, 2024

Missing Authentication In IDAttend’s IDWeb Application

CVE-2023-27257

Description

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authentication in IDAttend's IDWeb application allows unauthenticated attackers to retrieve student information.

Vulnerability

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application versions 3.1.052 and earlier allows unauthenticated access to student information. Discovered in version 3.1.013 [1].

Exploitation

An attacker can exploit this vulnerability by sending a request to the vulnerable endpoint without any authentication. No special network position or user interaction is required [1].

Impact

Successful exploitation allows an unauthenticated attacker to retrieve student information, leading to information disclosure [1].

Mitigation

The vulnerability is fixed in version 3.1.053 [1]. Users should upgrade to this version or later.

References

Missing Authentication In IDAttend’s IDWeb Application

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

IDAttend/IDWebllm-fuzzy
Range: <=3.1.052
IDAttend Pty Ltd/IDWebv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.themissinglink.com.au/security-advisories/cve-2023-27257mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000