Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0169

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-0169
Last Modified 07 Mar 2011 10:04:04
Published 03 Jun 2008 11:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0169

Summary

Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.

Vulnerable Systems

Application

  • Ikiwiki 1.34

  • Ikiwiki 1.34.1

  • Ikiwiki 1.34.2

  • Ikiwiki 1.35

  • Ikiwiki 1.36

  • Ikiwiki 1.37

  • Ikiwiki 1.38

  • Ikiwiki 1.39

  • Ikiwiki 1.40

  • Ikiwiki 1.41

  • Ikiwiki 1.42

  • Ikiwiki 1.43

  • Ikiwiki 1.44

  • Ikiwiki 1.45

  • Ikiwiki 1.46

  • Ikiwiki 1.47

  • Ikiwiki 1.48

  • Ikiwiki 1.49

  • Ikiwiki 1.5

  • Ikiwiki 1.51

  • Ikiwiki 2.0

  • Ikiwiki 2.1

  • Ikiwiki 2.10

  • Ikiwiki 2.11

  • Ikiwiki 2.12

  • Ikiwiki 2.13

  • Ikiwiki 2.14

  • Ikiwiki 2.15

  • Ikiwiki 2.16

  • Ikiwiki 2.17

  • Ikiwiki 2.18

  • Ikiwiki 2.19

  • Ikiwiki 2.2

  • Ikiwiki 2.20

  • Ikiwiki 2.3

  • Ikiwiki 2.30

  • Ikiwiki 2.31

  • Ikiwiki 2.31.1

  • Ikiwiki 2.31.2

  • Ikiwiki 2.31.3

  • Ikiwiki 2.4

  • Ikiwiki 2.40

  • Ikiwiki 2.41

  • Ikiwiki 2.42

  • Ikiwiki 2.43

  • Ikiwiki 2.44

  • Ikiwiki 2.47

  • Ikiwiki 2.5

  • Ikiwiki 2.6

  • Ikiwiki 2.7

  • Ikiwiki 2.8

  • Ikiwiki 2.9


References

XF - ikiwiki-openid-passwordauth-auth-bypass(42798)

VUPEN - ADV-2008-1710

BID - 29479

MLIST - [oss-security] 20080531 Re: CVE id request: ikiwiki

SECUNIA - 30468

CONFIRM - http://ikiwiki.info/security/#index33h2

CONFIRM - http://ikiwiki.info/news/version_2.48/index.html

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770


Last Updated: 27 May 2016 10:46:42