Vulnerabilities

CVE-2010-4279

by Fred · 02/12/2010

The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.

Date published : 2010-12-02

http://www.securityfocus.com/bid/45112

http://www.securityfocus.com/archive/1/514939/100/0/threaded

Similar

Tags: Cybersecurity Alert