ID CVE-2007-0829
Summary avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
References
Vulnerable Configurations
  • cpe:2.3:a:alwil:avast_antivirus:4.6.460:*:server:*:*:*:*:*
  • cpe:2.3:a:alwil:avast_antivirus:4.6.489:*:server:*:*:*:*:*
  • cpe:2.3:a:alwil:avast_antivirus:4.6.566:*:server:*:*:*:*:*
  • cpe:2.3:a:alwil:avast_antivirus:4.7.660:*:server:*:*:*:*:*
  • cpe:2.3:a:alwil:avast_antivirus:4.7.676:*:server:*:*:*:*:*
CVSS
Base: 4.4 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 22425
confirm http://www.avast.com/eng/avast-4-server-revision-history.html
osvdb 33114
secunia 24068
vupen ADV-2007-0499
xf avast-password-security-bypass(32269)
Last major update 29-07-2017 - 01:30
Published 07-02-2007 - 22:28
Last modified 29-07-2017 - 01:30