Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0408

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0408
Last Modified 10 Sep 2008 03:35:31
Published 14 Feb 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0408

Summary

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.

Vulnerable Systems

Application

  • Citrusdb 0.3.6


References

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2005-002.txt

FULLDISC - 20050214 Advisory: Authentication bypass in CitrusDB


Last Updated: 27 May 2016 10:39:48