Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-7050
Last Modified: 24 Aug 2009 12:00:00
Published: 24 Aug 2009 06:30:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-7050

Summary

The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

Vulnerable Systems

Application

  • Wowraidmanager 3.1.0

  • Wowraidmanager 3.1.1

  • Wowraidmanager 3.1.2

  • Wowraidmanager 3.2.0

  • Wowraidmanager 3.2.1

  • Wowraidmanager 3.5.0

  • Wowraidmanager 3.5.1


References

CONFIRM - http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167

VUPEN - ADV-2008-3109

CONFIRM - http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153

OSVDB - 49704

SECUNIA - 32653

MISC - http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a


Last Updated: 27 May 2016 10:49:26