Vulnerabilities > CVE-2006-0844 - Unspecified vulnerability in Leif M. Wright web Blog 3.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/44315/EV0082.txt |
| id | PACKETSTORM:44315 |
| last seen | 2016-12-05 |
| published | 2006-03-03 |
| reporter | Aliaksandr Hartsuyeu |
| source | https://packetstormsecurity.com/files/44315/EV0082.txt.html |
| title | EV0082.txt |
References
- http://secunia.com/advisories/18923
- http://secunia.com/advisories/18923
- http://securityreason.com/securityalert/522
- http://securityreason.com/securityalert/522
- http://www.evuln.com/vulns/82/summary.html
- http://www.evuln.com/vulns/82/summary.html
- http://www.securityfocus.com/bid/16714
- http://www.securityfocus.com/bid/16714
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24755
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24755