CVE-2010-0550 - OpenCVE

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Geopp	Geo\+\+ Gncaster

Configuration 1 [-]

OR	cpe:2.3:a:geopp:geo\+\+_gncaster::::::::
	cpe:2.3:a:geopp:geo\+\+_gncaster:1.4.0.0:::::::*

References

Link	Resource
http://osvdb.org/62013
http://secunia.com/advisories/38323	Vendor Advisory
http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication
http://www.securityfocus.com/archive/1/509199/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/55976

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-04T19:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2010-02-04T00:00:00

Link: CVE-2010-0550

JSON object: View

NVD Information

Status : Modified

Published: 2010-02-04T20:15:50.077

Modified: 2018-10-10T19:53:02.117

Link: CVE-2010-0550

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20100127 [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/509199/100/0/threaded"}, {"name": "gncaster-httpbasic-weak-security(55976)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55976"}, {"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication"}, {"name": "62013", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/62013"}, {"name": "38323", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38323"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0550", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100127 [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509199/100/0/threaded"}, {"name": "gncaster-httpbasic-weak-security(55976)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55976"}, {"name": "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication"}, {"name": "62013", "refsource": "OSVDB", "url": "http://osvdb.org/62013"}, {"name": "38323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38323"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0550", "datePublished": "2010-02-04T19:00:00", "dateReserved": "2010-02-04T00:00:00", "dateUpdated": "2018-10-10T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:geopp:geo\\+\\+_gncaster:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA1ADC7D-0827-48C8-B962-A4AF0A04F92B", "versionEndIncluding": "1.4.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:geopp:geo\\+\\+_gncaster:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF9C6F61-5F7C-4530-8485-6F379E009D53", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy."}, {"lang": "es", "value": "admin.htm en Geo++ GNCASTER v1.4.0.7 y anteriores, no refuerza adecuadamente el HTTP Digest Authentication, lo que permite a usuarios autenticados remotamente usar la autenticaci\u00f3n HTTP Basic Authentication, evitando las restricciones de acceso establecidas en el servidor."}], "id": "CVE-2010-0550", "lastModified": "2018-10-10T19:53:02.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-04T20:15:50.077", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/62013"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38323"}, {"source": "cve@mitre.org", "url": "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509199/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55976"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}