Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2734

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2734
Last Modified 05 Sep 2008 05:05:17
Published 01 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2734

Summary

enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker.

Vulnerable Systems

Application

  • Mini-nuke 2.3


References

BUGTRAQ - 20060528 Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities

MISC - http://www.nukedx.com/?viewdoc=31

MISC - http://www.nukedx.com/?getxpl=31

SREASON - 1002


Last Updated: 27 May 2016 10:42:44