CVE-2004-2079 - Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows

CVE-2004-2079

Summary

Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.

References

Vulnerable Configurations

cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*
cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	9618
bugtraq	20040209 Red-M Red-Alert Multiple Vulnerabilities
fulldisc	20040209 Red-M Red-Alert Multiple Vulnerabilities
misc	http://genhex.org/releases/031003.txt http://www.securiteam.com/securitynews/5SP0C0KC0A.html
osvdb	3952
sectrack	1009001
xf	redalert-gain-access(15088)

Last major update

11-07-2017 - 01:31

Published

09-02-2004 - 05:00

Last modified

11-07-2017 - 01:31