admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=113018731120709&w=2 | Mailing List |
http://secunia.com/advisories/17310/ | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22860 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-11-02T11:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-11-02T00:00:00
Link: CVE-2005-3435
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-11-02T11:02:00.000
Modified: 2024-02-09T03:13:36.147
Link: CVE-2005-3435
JSON object: View
Redhat Information
No data.
CWE