3 matches found
[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability
------------------------------------------------------------------------- Dotclear = 2.6.2 XML-RPC Interface Authentication Bypass Vulnerability ------------------------------------------------------------------------- - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and...
CVE-2014-3781
CVE-2014-3781 describes an authentication bypass in Dotclear prior to 2.6.3 due to the dcXmlRpc::setUser method: if a user is attempting XML-RPC login with an empty password, the checkUser() path can be bypassed, allowing remote authentication bypass when the XML-RPC interface is enabled. Affecte...
Dotclear 2.6.2 Authentication Bypass
------------------------------------------------------------------------- Dotclear core-auth-userID == $userid 267. return true; 268. 269. 270. if $this-core-auth-checkUser$userid,$pwd !== true 271. throw new Exception'Login error'; 272. 273. 274. return true; The vulnerability exists because of...