Vulnerabilities

CVE-2009-1283

by Fred · 09/04/2009

glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.

Date published : 2009-04-09

http://marc.info/?l=bugtraq&m=123877379105028&w=2

http://www.glfusion.org/article.php/glfusion113

Similar

Tags: Cybersecurity Alert