Erlend Leiknes, Security Consultant at mnemonic, identified and disclosed the following vulnerability given CVE id CVE-2017-15883
A cryptographic weakness was found in Sitefinity, allowing an attacker to bypass authentication.
An exploit may lead to denial of service on load balanced sites and/or may lead to elevation of backend user privileges.
Estimated CVSSv3 Base Score: 8.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C
The vulnerability affects Sitefinity versions 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x and 10.x.
Official release notes and security advisory can be found at: https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883