Lucene search

[email protected]CVE-2002-2057

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2002-2057

2005-07-1404:00:00

[email protected]

web.nvd.nist.gov

teekai forum

weak encryption

web usage statistics

access control

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP’s visiting the site by dividing each octet by the MD5 hash of ‘20’.

Affected configurations

NVD

Node

teekaiteekai_forumMatch1.2

CPENameOperatorVersion
teekai:teekai_forumteekai teekai forumeq1.2

CPE	Name	Operator	Version
teekai:teekai_forum	teekai teekai forum	eq	1.2

References

marc.info/?l=vuln-dev&m=102313697923798&w=2

www.ifrance.com/kitetoua/tuto/Teekai.txt

www.iss.net/security_center/static/9286.php

www.securityfocus.com/bid/4926

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2002-2057

nvd1 cvelist1