CVE-2018-10362

{"id": "CVE-2018-10362", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-04-25T05:29:00.313", "references": [{"url": "http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html", "tags": ["Technical Description", "Third Party Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "https://github.com/phpLiteAdmin/pla/issues/11", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers."}, {"lang": "es", "value": "Se ha descubierto un problema en phpLiteAdmin, desde la versi\u00f3n 1.9.5 hasta la 1.9.7.1. Debido a una comparaci\u00f3n vaga con \"==\" en lugar de \"===\" en classes/Authorization.php para la contrase\u00f1a de inicio de sesi\u00f3n proporcionada por el usuario, es posible iniciar sesi\u00f3n con una contrase\u00f1a m\u00e1s simple si la contrase\u00f1a est\u00e1 en forma de potencia en notaci\u00f3n cient\u00edfica (como \"2e2\" para \"200\" o \"0e1234\" para \"0\"). Esto es posible porque, en el caso de la comparaci\u00f3n vaga, PHP interpreta las cadenas como un n\u00famero en notaci\u00f3n cient\u00edfica y, por lo tanto, la convierte en un n\u00famero. Tras eso, la comparaci\u00f3n con \"==\" tambi\u00e9n convierte las entradas del usuario (por ejemplo, las cadenas \"200\" o \"0\") a un n\u00famero. Por lo tanto, el atacante puede iniciar sesi\u00f3n con solo un \"0\" o con un n\u00famero simple que debe adivinar mediante fuerza bruta. Las comparaciones fuertes con \"===\" evitan la conversi\u00f3n a n\u00famero."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpliteadmin:phpliteadmin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B28B97-F635-4E13-80F5-B993782391CE", "versionEndIncluding": "1.9.7.1", "versionStartIncluding": "1.9.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}