Описание
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.50ubuntu1 |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | ignored | end of life |
| intrepid | not-affected | 2.50ubuntu1 |
| jaunty | not-affected | 2.50ubuntu1 |
| karmic | not-affected | 2.50ubuntu1 |
| lucid | not-affected | 2.50ubuntu1 |
| maverick | not-affected | 2.50ubuntu1 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 t ...
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
EPSS
6.8 Medium
CVSS2