Lucene search

[email protected]NVD:CVE-2005-4448

HistoryDec 21, 2005 - 11:03 a.m.

CVE-2005-4448

2005-12-2111:03:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.019

Percentile

88.8%

JSON

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.

Affected configurations

Nvd

Node

flatnukeflatnukeMatch2.5.6

VendorProductVersionCPE
flatnukeflatnuke2.5.6cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flatnuke	flatnuke	2.5.6	cpe:2.3:a:flatnuke:flatnuke:2.5.6:::::::*

References

cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup

securitytracker.com/id?1015339

www.securityfocus.com/archive/1/419107

www.securityfocus.com/bid/15796

exchange.xforce.ibmcloud.com/vulnerabilities/22159

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.019

Percentile

88.8%

JSON

Related for NVD:CVE-2005-4448

cvelist2 cve2 exploitdb1 nvd1 nessus1