Описание
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4:4.6.6-5 |
| cosmic | not-affected | 4:4.6.6-5 |
| devel | not-affected | 4:4.6.6-5 |
| disco | not-affected | 4:4.6.6-5 |
| eoan | DNE | |
| esm-apps/bionic | not-affected | 4:4.6.6-5 |
| esm-apps/focal | not-affected | 4:4.6.6-5 |
| esm-apps/jammy | not-affected | 4:4.6.6-5 |
| esm-apps/noble | not-affected | 4:4.6.6-5 |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
An issue was discovered in phpMyAdmin. When the user does not specify ...
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3