GitHub Advisory DatabaseGHSA-76RH-XV36-9MRCPEAR::Auth potential authentication bypass vulnerability
8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.8%
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to “falsify authentication credentials,” related to the “underlying storage containers.”
References
pear.php.net/package/Auth/download/1.2.4
pear.php.net/package/Auth/download/1.3.0r4
www.gentoo.org/security/en/glsa/glsa-200603-13.xml
exchange.xforce.ibmcloud.com/vulnerabilities/24854
github.com/advisories/GHSA-76rh-xv36-9mrc
nvd.nist.gov/vuln/detail/CVE-2006-0868
web.archive.org/web/20060315074736/securitytracker.com/alerts/2006/Feb/1015666.html
web.archive.org/web/20060408105851/www.securityfocus.com/bid/16758
web.archive.org/web/20201207144810/www.securityfocus.com/archive/1/425796/100/0/threaded
Related
8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.8%