Lucene search

K

GoogleOSV:GHSA-V6FH-VG22-R6CM

HistoryMay 17, 2022 - 3:18 a.m.

phpMyAdmin ReCaptcha bypass

2022-05-1703:18:28

Google

osv.dev

12

phpmyadmin

recaptcha

bypass

authenticationcookie.class.php

remote attackers

brute-force

credential guessing

software

EPSS

0.006

Percentile

78.5%

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html

www.debian.org/security/2015/dsa-3382

github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d

github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e

nvd.nist.gov/vuln/detail/CVE-2015-6830

web.archive.org/web/20200228052837/www.securityfocus.com/bid/76674

web.archive.org/web/20211215060142/www.securitytracker.com/id/1033546

www.phpmyadmin.net/security/PMASA-2015-4

EPSS

0.006

Percentile

78.5%

Related for OSV:GHSA-V6FH-VG22-R6CM

openvas7 mageia1 fedora3 cve1 nessus7 prion1 freebsd1 nvd1 debiancve1 ubuntucve1 cvelist1 github1 phpmyadmin1 osv2 debian1