tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authentication-Bypass.html | Exploit Third Party Advisory VDB Entry |
https://info.tiki.org/article473-Security-Releases-of-all-Tiki-versions-since-16-3 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-22T17:26:11
Updated: 2020-10-22T17:26:11
Reserved: 2020-07-23T00:00:00
Link: CVE-2020-15906
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-22T18:15:12.800
Modified: 2020-11-03T01:34:35.077
Link: CVE-2020-15906
JSON object: View
Redhat Information
No data.
CWE