CVE-2006-2734 - enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password gues

CVE-2006-2734

Summary

enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker.

References

http://securityreason.com/securityalert/1002
http://www.nukedx.com/?getxpl=31
http://www.nukedx.com/?viewdoc=31
http://www.securityfocus.com/archive/1/435279/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:mini-nuke:mini-nuke:*:*:*:*:*:*:*:*
cpe:2.3:a:mini-nuke:mini-nuke:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060528 Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities
misc	http://www.nukedx.com/?getxpl=31 http://www.nukedx.com/?viewdoc=31
sreason	1002

Last major update

18-10-2018 - 16:41

Published

01-06-2006 - 10:02

Last modified

18-10-2018 - 16:41