ID CVE-2005-4448
Summary FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
References
Vulnerable Configurations
  • cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 15796
bugtraq 20051210 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit
misc http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
sectrack 1015339
xf flatnuke-multiple-obtain-information(22159)
Last major update 20-07-2017 - 01:29
Published 21-12-2005 - 11:03
Last modified 20-07-2017 - 01:29