Lucene search
HistoryMar 28, 2005 - 5:00 a.m.
CVE-2002-1656
cve-2002-1656
x-news
authentication
md5
checksum
sniffing
users.txt
data file
cookie
security vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.9%
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Affected configurations
Node
xqusx-newsMatch1.0
ORxqusx-newsMatch1.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| xqus:x-news | xqus x-news | eq | 1.0 |
| xqus:x-news | xqus x-news | eq | 1.1 |
Related
nessus
nessus
X-News Password MD5 Hash Authentication Bypass
2004-02-21 00:00:00
openvas
openvas
X-News '/db/users.txt' Information Disclosure Vulnerability
2005-11-03 00:00:00
x-news 1
2005-11-03 00:00:00
nvd
nvd
CVE-2002-1656
2002-12-31 05:00:00
cvelist
cvelist
CVE-2002-1656
2005-03-28 05:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.9%
Related for CVE-2002-1656