Vulnerabilities > CVE-2008-6909 - Cryptographic Issues vulnerability in Marc Ingram Services

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

marc-ingram

drupal

CWE-310

NVD

Published: 2009-08-06

Updated: 2017-08-17

Summary

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Marc_Ingram Marc Ingram Services 5.X-0.9 Marc Ingram Services 5.X-0.91 Marc Ingram Services 5.X-1.X-Dev Marc Ingram Services 6.X-0.9 Marc Ingram Services 6.X-0.11 Marc Ingram Services 6.X-0.12 Marc Ingram Services 6.X-1.X-Dev	7
Application	Drupal Drupal Drupal *	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References