CVE-2010-4279

2010-12-0217:15:00

CWE-287

[email protected]

web.nvd.nist.gov

pandora fms

authentication bypass

cve-2010-4279

nvd

security vulnerability

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.5%

JSON

The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with “admin” in the loginhash_user parameter, in conjunction with the md5 hash of “admin” in the loginhash_data parameter.

CPENameOperatorVersion
artica:pandora_fmsartica pandora fmseq1.3
artica:pandora_fmsartica pandora fmseq1.2
artica:pandora_fmsartica pandora fmseq2.1.1
artica:pandora_fmsartica pandora fmsle3.1
artica:pandora_fmsartica pandora fmseq3.0
artica:pandora_fmsartica pandora fmseq2.0
artica:pandora_fmsartica pandora fmseq1.3.1
artica:pandora_fmsartica pandora fmseq2.1

CPE	Name	Operator	Version
artica:pandora_fms	artica pandora fms	eq	1.3
artica:pandora_fms	artica pandora fms	eq	1.2
artica:pandora_fms	artica pandora fms	eq	2.1.1
artica:pandora_fms	artica pandora fms	le	3.1
artica:pandora_fms	artica pandora fms	eq	3.0
artica:pandora_fms	artica pandora fms	eq	2.0
artica:pandora_fms	artica pandora fms	eq	1.3.1
artica:pandora_fms	artica pandora fms	eq	2.1

References

osvdb.org/69549

packetstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.html

seclists.org/fulldisclosure/2010/Nov/326

secunia.com/advisories/42347

sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

www.exploit-db.com/exploits/15639

www.securityfocus.com/archive/1/514939/100/0/threaded

www.securityfocus.com/bid/45112

www.exploit-db.com/exploits/35731/