| Vulnerability Name: | CVE-2008-0169 (CCN-42798) |
| Assigned: | 2008-05-31 |
| Published: | 2008-05-31 |
| Updated: | 2017-08-08 |
| Summary: | Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
|
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None |
|
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None |
|
| Vulnerability Type: | CWE-264
|
| Vulnerability Consequences: | Bypass Security |
| References: | Source: CCN
Type: Debian Bug report logs - #483770
ikiwiki openid + passwordauth empty password security hole
Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770
Source: MITRE
Type: CNA
CVE-2008-0169
Source: CCN
Type: ikiwiki Web site
download
Source: CONFIRM
Type: UNKNOWN
http://ikiwiki.info/news/version_2.48/index.html
Source: CCN
Type: ikiwiki security, Sat, 31 May 2008 20:16:27 -0400
Empty password security hole
Source: CONFIRM
Type: UNKNOWN
http://ikiwiki.info/security/#index33h2
Source: CCN
Type: SA30468
ikiwiki Empty Passwords Security Issue
Source: SECUNIA
Type: Vendor Advisory
30468
Source: MLIST
Type: UNKNOWN
[oss-security] 20080531 Re: CVE id request: ikiwiki
Source: CCN
Type: OSVDB ID: 45893
ikiwiki Account Password Null Value Weakness
Source: BID
Type: UNKNOWN
29479
Source: CCN
Type: BID-29479
ikiwiki Blank Password Authentication Bypass Vulnerability
Source: VUPEN
Type: UNKNOWN
ADV-2008-1710
Source: XF
Type: UNKNOWN
ikiwiki-openid-passwordauth-auth-bypass(42798)
Source: XF
Type: UNKNOWN
ikiwiki-openid-passwordauth-auth-bypass(42798)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:ikiwiki:ikiwiki:1.5:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.34:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.34.1:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.34.2:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.35:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.36:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.37:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.38:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.39:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.40:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.41:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.42:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.43:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.44:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.45:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.46:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.47:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.48:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.49:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:1.51:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.6:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.7:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.8:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.9:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*OR cpe:/a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |