| Vulnerability Name: | CVE-2000-0689 (CCN-5125) | ||||||||
| Assigned: | 2000-08-23 | ||||||||
| Published: | 2000-08-23 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: BUGTRAQ Type: Exploit, Vendor Advisory 20000823 Account Manager CGI Vulnerability Source: CCN Type: BugTraq Mailing List, Wed Aug 23 2000 - 21:06:13 CDT Account Manager CGI Vulnerability Source: MITRE Type: CNA CVE-2000-0689 Source: CCN Type: Elite CGI Script Center Web site Account Manager LITE Source: CONFIRM Type: UNKNOWN http://www.cgiscriptcenter.com/acctlite/ Source: CCN Type: Elite Host CGI Web site Register Account Manager™ Professional Source: OSVDB Type: UNKNOWN 13341 Source: CCN Type: OSVDB ID: 13341 Account Manager LITE amadmin.pl Admin Password Modification Source: BID Type: Exploit, Patch, Vendor Advisory 1604 Source: CCN Type: BID-1604 CGI Script Center Account Manager LITE / PRO Administrative Password Alteration Vulnerability Source: XF Type: UNKNOWN account-manager-overwrite-password(5125) Source: XF Type: UNKNOWN account-manager-overwrite-password(5125) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||