admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=113018731120709&w=2 | Mailing List |
http://secunia.com/advisories/17310/ | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 | Third Party Advisory VDB Entry |
http://marc.info/?l=bugtraq&m=113018731120709&w=2 | Mailing List |
http://secunia.com/advisories/17310/ | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 00:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=113018731120709&w=2 - Mailing List | |
References | () http://secunia.com/advisories/17310/ - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 - Third Party Advisory, VDB Entry |
09 Feb 2024, 03:13
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-522 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | () http://marc.info/?l=bugtraq&m=113018731120709&w=2 - Mailing List | |
References | () http://secunia.com/advisories/17310/ - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 - Third Party Advisory, VDB Entry |
Information
Published : 2005-11-02 11:02
Updated : 2024-11-21 00:01
NVD link : CVE-2005-3435
Mitre link : CVE-2005-3435
CVE.ORG link : CVE-2005-3435
JSON object : View
Products Affected
archilles
- newsworld
CWE
CWE-522
Insufficiently Protected Credentials