CVE-2006-6679 - Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
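The flaw class described above, next to a hardened form, as an added example; this is not chetcpasswd's code or its 2.4 fix. The function names, the exact-match ACL format, the trusted-proxy list and all addresses are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exact-match lookup of an address in a list (hypothetical ACL format). */
static int in_list(const char *ip, const char *const *list, size_t n) {
    for (size_t i = 0; ip && i < n; i++)
        if (strcmp(ip, list[i]) == 0) return 1;
    return 0;
}

/* Flawed pattern: a client-supplied header overrides the socket peer address. */
const char *client_ip_flawed(const char *remote_addr, const char *xff) {
    return (xff && *xff) ? xff : remote_addr;
}

/* Hardened: REMOTE_ADDR is authoritative. X-Forwarded-For is read only when
 * the peer itself is a known reverse proxy, and then only the rightmost
 * entry, which is the one that proxy appended. */
const char *client_ip_hardened(const char *remote_addr, const char *xff,
                               const char *const *proxies, size_t nproxies,
                               char *buf, size_t buflen) {
    if (!xff || !*xff || !in_list(remote_addr, proxies, nproxies))
        return remote_addr;
    const char *last = strrchr(xff, ',');
    last = last ? last + 1 : xff;
    while (*last == ' ') last++;
    size_t len = strcspn(last, " ");
    if (len == 0 || len >= buflen) return remote_addr;
    memcpy(buf, last, len);
    buf[len] = '\0';
    return buf;
}

int main(void) {
    static const char *const acl[] = { "192.0.2.10" };     /* constructed ACL */
    static const char *const proxies[] = { "192.0.2.1" };  /* constructed proxy list */
    char buf[64];
    const char *peer = getenv("REMOTE_ADDR");              /* set by the web server */
    const char *xff = getenv("HTTP_X_FORWARDED_FOR");      /* copied from the request */
    const char *ip = client_ip_hardened(peer, xff, proxies, 1, buf, sizeof buf);
    puts(in_list(ip, acl, 1) ? "allowed" : "denied");
    return 0;
}
```

With no reverse proxy in front of the CGI, the proxy list is empty and the header is never consulted.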
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454
- http://marc.info/?l=bugtraq&m=116371297325564&w=2
- http://secunia.com/advisories/22967
- http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649
- http://www.osvdb.org/30544
- http://www.securityfocus.com/bid/21102
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30451