CVE-2008-7050

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-7050
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a Exploit
http://secunia.com/advisories/32653 Vendor Advisory
http://www.osvdb.org/49704
http://www.vupen.com/english/advisories/2008/3109 Patch Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153 Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167 Patch Vendor Advisory
http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a Exploit
http://secunia.com/advisories/32653 Vendor Advisory
http://www.osvdb.org/49704
http://www.vupen.com/english/advisories/2008/3109 Patch Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153 Vendor Advisory
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wowraidmanager:wowraidmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wowraidmanager:wowraidmanager:3.5.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:58

Type Values Removed Values Added
References () http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a - Exploit () http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a - Exploit
References () http://secunia.com/advisories/32653 - Vendor Advisory () http://secunia.com/advisories/32653 - Vendor Advisory
References () http://www.osvdb.org/49704 - () http://www.osvdb.org/49704 -
References () http://www.vupen.com/english/advisories/2008/3109 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2008/3109 - Patch, Vendor Advisory
References () http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153 - Vendor Advisory () http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153 - Vendor Advisory
References () http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167 - Patch, Vendor Advisory () http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167 - Patch, Vendor Advisory
Information

Published : 2009-08-24 10:30

Updated : 2024-11-21 00:58

NVD link : CVE-2008-7050

Mitre link : CVE-2008-7050

CVE.ORG link : CVE-2008-7050

JSON object : View

Products Affected

wowraidmanager

  • wowraidmanager
CWE
CWE-255

Credentials Management Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024