2 matches found
Authentication flaw
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...
CVE-2014-3781
CVE-2014-3781 describes an authentication bypass in Dotclear prior to 2.6.3 due to the dcXmlRpc::setUser method: if a user is attempting XML-RPC login with an empty password, the checkUser() path can be bypassed, allowing remote authentication bypass when the XML-RPC interface is enabled. Affecte...