HP Quality Center Authentication Bypass

HP Quality Center versions 9.0 and 9.2 makes extensive use of ActiveX components and auxiliary client side DLL’s. During use of the application, allot of client side processing takes place. By exploiting the weak trust boundary between the server and the client components, it is possible to bypass authentication for the HP Quality Center administrative pages.

Latest
2011
2010
2009
2008
2007
2006

MWR Labs

HP Quality Center Authentication Bypass