2 matches found
CVE-2004-2443
The CVE affects Jaws 0.3. An authentication bypass is possible via an HTTP request to admin.php where the cookie is set to the MD5 hash of a null password; this is compared against the logged session variable in application.php’s logged_on function. This yields a likely auth bypass with partial c...
CVE-2004-2443
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the loggedon function in application.php...