Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1656

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1656
Last Modified 05 Sep 2008 04:31:10
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1656

Summary

X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.

Vulnerable Systems

Application

  • Xqus X-news 1.0

  • Xqus X-news 1.1


References

CERT-VN - VU#162723

XF - xnews-users-world-readable(8465)

BID - 4283

MISC - http://www.ifrance.com/kitetoua/tuto/x_holes.txt

SECTRACK - 1003828


Last Updated: 27 May 2016 10:37:26