Authentication flaw

2007-07-1017:30:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.183 Low

EPSS

Percentile

96.2%

JSON

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to “traffic.” NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
phptrafficaeq1.4
phptrafficaeq1.4.3
phptrafficaeq1.4.2

Name	Operator	Version
phptraffica	eq	1.4
phptraffica	eq	1.4.3
phptraffica	eq	1.4.2

References

corryl.altervista.org/index.php?mod=read&id=1183748959

osvdb.org/37477

secunia.com/advisories/25976

securityreason.com/securityalert/2870

www.securityfocus.com/archive/1/473041/100/0/threaded

www.securityfocus.com/bid/24823

exchange.xforce.ibmcloud.com/vulnerabilities/35290