CVE-2011-1560 - OpenCVE

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Soliddb

Configuration 1 [-]

OR	cpe:2.3:a:ibm:soliddb::::::::
	cpe:2.3:a:ibm:soliddb:4.5.167:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.168:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.169:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.173:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.175:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.176:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.178:::::::*
	cpe:2.3:a:ibm:soliddb:4.5.179:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:soliddb:6.0.1060:::::::*
	cpe:2.3:a:ibm:soliddb:6.0.1061:::::::*
	cpe:2.3:a:ibm:soliddb:6.0.1064:::::::*
	cpe:2.3:a:ibm:soliddb:6.0.1065:::::::*
	cpe:2.3:a:ibm:soliddb:6.0.1066:::::::*
	cpe:2.3:a:ibm:soliddb:6.1:::::::*
	cpe:2.3:a:ibm:soliddb:6.1.18:::::::*
	cpe:2.3:a:ibm:soliddb:6.1.20:::::::*
	cpe:2.3:a:ibm:soliddb:6.3.33:::::::*
	cpe:2.3:a:ibm:soliddb:6.3.37:::::::*
	cpe:2.3:a:ibm:soliddb:6.3.38:::::::*
	cpe:2.3:a:ibm:soliddb:6.5.0.0:::::::*
	cpe:2.3:a:ibm:soliddb:6.5.0.1:::::::*
	cpe:2.3:a:ibm:soliddb:6.5.0.2:::::::*
	cpe:2.3:a:ibm:soliddb:6.30.0039:::::::*
	cpe:2.3:a:ibm:soliddb:6.30.0040:::::::*
	cpe:2.3:a:ibm:soliddb:6.30.0044:::::::*

References

Link	Resource
http://osvdb.org/71494
http://secunia.com/advisories/44030
http://www.ibm.com/support/docview.wss?uid=swg21474552	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0854
http://www.zerodayinitiative.com/advisories/ZDI-11-115/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66455