Lucene search

MitreCVE-2007-4961

HistorySep 18, 2007 - 10:17 p.m.

CVE-2007-4961

2007-09-1822:17:00

CWE-311

mitre

web.nvd.nist.gov

second life

vulnerability

cve-2007-4961

network sniffing

authentication

security issue

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.5%

JSON

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Affected configurations

Nvd

Node

lindenlabsecond_lifeMatch-

VendorProductVersionCPE
lindenlabsecond_life-cpe:2.3:a:lindenlab:second_life:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lindenlab	second_life	-	cpe:2.3:a:lindenlab:second_life:-:::::::*

References

osvdb.org/45947

www.gnucitizen.org/blog/ie-pwns-secondlife

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.5%

JSON

Related for CVE-2007-4961