CVE-2006-0868 - SQL Injection vulnerability in PEAR::Auth
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
Vulnerable Configurations
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200603-13.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200603-13 (PEAR-Auth: Potential authentication bypass). Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact: A remote attacker could possibly exploit this vulnerability to bypass the authentication mechanism by injecting specially crafted input to the underlying storage containers. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21094 |
published | 2006-03-18 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21094 |
title | GLSA-200603-13 : PEAR-Auth: Potential authentication bypass |
References
- http://pear.php.net/package/Auth/download/1.2.4
- http://pear.php.net/package/Auth/download/1.3.0r4
- http://secunia.com/advisories/19008
- http://secunia.com/advisories/19301
- http://securitytracker.com/id?1015666
- http://www.gentoo.org/security/en/glsa/glsa-200603-13.xml
- http://www.securityfocus.com/archive/1/425796/100/0/threaded
- http://www.securityfocus.com/bid/16758
- http://www.vupen.com/english/advisories/2006/0696
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24854