exploitDog

CVE-2020-10539

Опубликовано: 05 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.

Ссылки

https://www.x41-dsec.de/lab/advisories/x41-2020-003-epikur
Exploit
Third Party Advisory
https://www.x41-dsec.de/lab/advisories/x41-2020-003-epikur
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:epikur:epikur:*:*:*:*:*:*:*:*

Версия до 20.1.1 (исключая)

EPSS

Процентиль: 59%

0.00377

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-q4x8-w6fw-v9hh

github

больше 3 лет назад

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.

EPSS

Процентиль: 59%

0.00377

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287