Vulnerabilities > CVE-2005-0408 - Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | CitrusDB 0.3.6 Remote Authentication Bypass Vulnerability. CVE-2005-0408. Webapps exploit for php platform |
| id | EDB-ID:25102 |
| last seen | 2016-02-03 |
| modified | 2004-02-15 |
| published | 2004-02-15 |
| reporter | RedTeam Pentesting |
| source | https://www.exploit-db.com/download/25102/ |
| title | CitrusDB 0.3.6 - Remote Authentication Bypass Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | CITRUSDB_PASSWORD.NASL |
| description | The remote host is running CitrusDB, an open source customer database application written in PHP. The version of CitrusDB installed on the remote host uses as an authentication cookie the MD5 checksum of a username followed by the constant |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 16477 |
| published | 2005-02-16 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/16477 |
| title | CitrusDB Static id_hash Admin Authentication Bypass |