Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4961


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4961
Last Modified 15 Nov 2008 01:59:12
Published 18 Sep 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Vulnerable Systems


  • Linden Lab Second Life 1



OSVDB - 45947

Last Updated: 27 May 2016 10:46:01