Vulnerabilities > CVE-2006-6679 - Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

chetcpasswd-project

CWE-863

NVD

Published: 2006-12-21

Updated: 2024-01-25

Summary

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.

Vulnerable Configurations

Part	Description	Count
Application	Chetcpasswd_Project Chetcpasswd Project Chetcpasswd 1.12 Chetcpasswd Project Chetcpasswd 2.0 Chetcpasswd Project Chetcpasswd 2.1 Chetcpasswd Project Chetcpasswd 2.2 Chetcpasswd Project Chetcpasswd 2.2.1 Chetcpasswd Project Chetcpasswd 2.3 Chetcpasswd Project Chetcpasswd 2.3.1 Chetcpasswd Project Chetcpasswd 2.3.2 Chetcpasswd Project Chetcpasswd 2.3.3	9

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References