Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-2020
Last Modified 29 Jan 2009 01:48:59
Published 29 Apr 2008 09:07:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2020

Summary

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

Vulnerable Systems

Application

  • E107 0.7.11

  • Labgab 1.1

  • My123tkshop E-commerce-suite 0.9.1

  • Opendb 1.5.0b4

  • Php-nuke 8.1

  • Phpmybittorrent 1.2.2

  • Phpnuke Php-nuke 7.0

  • Torrentflux 2.3

  • Webze 0.5.9


References

BUGTRAQ - 20080419 Deciphering the PHP-Nuke Capthca

MISC - http://www.rooksecurity.com/blog/?p=6

SREASON - 3834

XF - captcha-imagestring-codebg-weak-security(42152)

BID - 28877


Last Updated: 27 May 2016 10:47:44