Lucene search
PRIOn knowledge basePRION:CVE-2008-6540HistoryMar 30, 2009 - 1:30 a.m.
Design/Logic Flaw
2009-03-3001:30:00
PRIOn knowledge base
www.prio-n.com
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dotnetnuke | eq | 2.1.1 | |
| dotnetnuke | eq | 1.0.10101 | |
| dotnetnuke | eq | 1.0.10100 | |
| dotnetnuke | eq | 1.0.7 | |
| dotnetnuke | eq | 4.5.2 | |
| dotnetnuke | eq | 1.0.8 | |
| dotnetnuke | eq | 1.0.6 | |
| dotnetnuke | eq | 1.0.9 | |
| dotnetnuke | eq | 3.0.8 | |
| dotnetnuke | eq | 4.3.5 |
Related
osv
osv
DotNetNuke Default Machine Key Exposure
2022-05-14 02:38:47
nessus
nessus
cvelist
cvelist
CVE-2008-6540
2009-03-30 01:00:00
github
github
DotNetNuke Default Machine Key Exposure
2022-05-14 02:38:47
cve
cve
CVE-2008-6540
2009-03-30 01:30:00
nvd
nvd
CVE-2008-6540
2009-03-30 01:30:00