Описание
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-3445
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445
- http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html
- http://seclists.org/fulldisclosure/2014/May/130
- http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12
- http://www.securityfocus.com/bid/67644
EPSS
Процентиль: 89%
0.04393
Низкий
CVE ID
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
EPSS
Процентиль: 89%
0.04393
Низкий