Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4961

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4961
Last Modified 15 Nov 2008 01:59:12
Published 18 Sep 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4961

Summary

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Vulnerable Systems

Application

  • Linden Lab Second Life 1


References

MISC - http://www.gnucitizen.org/blog/ie-pwns-secondlife

OSVDB - 45947


Last Updated: 27 May 2016 10:46:01