Lucene search

MitreCVE-2002-1647

HistoryMar 28, 2005 - 5:00 a.m.

CVE-2002-1647

2005-03-2805:00:00

mitre

web.nvd.nist.gov

cve-2002-1647

slash slashcode

quick login

password guessing

referrer url

security vulnerability

remote web sites

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.

Affected configurations

Nvd

Node

slashcode.comslash

VendorProductVersionCPE
slashcode.comslash*cpe:2.3:a:slashcode.com:slash:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
slashcode.com	slash	*	cpe:2.3:a:slashcode.com:slash::::::::

References

marc.info/?l=bugtraq&m=103176636403241&w=2

marc.info/?l=bugtraq&m=103177860017930&w=2

marc.info/?l=bugtraq&m=103238514720237&w=2

www.kb.cert.org/vuls/id/603945

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

Related for CVE-2002-1647