Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3370
HistoryJun 04, 2008 - 12:00 a.m.

ikiwiki空口令绕过认证漏洞

2008-06-0400:00:00
Root
www.seebug.org
14

EPSS

0.015

Percentile

87.1%

JSON

BUGTRAQ ID: 29479
CVE(CAN) ID: CVE-2008-0169

Ikiwiki是一个wiki编译器,可将wiki页面转换为可在网站发布的HTML页面。

Ikiwiki在处理访问认证时存在漏洞,如果在Ikiwiki中启用了openid和passwordauth插件的话(默认配置),用户就可以通过带有空口令的登录请求绕过认证限制登录,访问openid相关帐号。

ikiwiki ikiwiki < 2.48
ikiwiki ikiwiki 1.34
ikiwiki

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://ftp.de.debian.org/debian/pool/main/i/ikiwiki/ikiwiki_2.48.tar.gz” target=“_blank”>http://ftp.de.debian.org/debian/pool/main/i/ikiwiki/ikiwiki_2.48.tar.gz</a>

Related

ubuntucve 1
cvelist 1
nvd 1
prion 1
nessus 1
openvas 2
debiancve 1
freebsd 1
cve 1
osv 1
ubuntucve
ubuntucve
CVE-2008-0169
2008-06-03 00:00:00
cvelist
cvelist
CVE-2008-0169
2008-06-03 15:00:00
nvd
nvd
CVE-2008-0169
2008-06-03 15:32:00
prion
prion
Authentication flaw
2008-06-03 15:32:00
nessus
nessus
FreeBSD : ikiwiki -- empty password security hole (09066828-2ef1-11dd-a0d8-0016d325a0ed)
2008-06-02 00:00:00
openvas
openvas
FreeBSD Ports: ikiwiki
2008-09-04 00:00:00
FreeBSD Ports: ikiwiki
2008-09-04 00:00:00
debiancve
debiancve
CVE-2008-0169
2008-06-03 15:32:00
freebsd
freebsd
ikiwiki -- empty password security hole
2008-05-30 00:00:00
cve
cve
CVE-2008-0169
2008-06-03 15:32:00
osv
osv
ikiwiki-3.20200202.3-2.7 on GA media
2024-06-15 00:00:00

EPSS

0.015

Percentile

87.1%

JSON
Related for SSV:3370
ubuntucve1cvelist1nvd1prion1nessus1openvas2debiancve1freebsd1cve1osv1