Lucene search
MitreCVE-2009-0461HistoryFeb 10, 2009 - 7:00 a.m.
CVE-2009-0461
2009-02-1007:00:24
CWE-287
mitre
web.nvd.nist.gov
20
cve-2009-0461
whole hog password protect
enhanced 1.x
remote attackers
authentication bypass
adminid cookie
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.007
Percentile
80.8%
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
Affected configurations
Node
wholehogsoftwarepassword_protectMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wholehogsoftware | password_protect | 1.0 | cpe:2.3:a:wholehogsoftware:password_protect:1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2009-0461
2009-02-06 01:00:00
prion
prion
Authentication flaw
2009-02-10 07:00:00
nvd
nvd
CVE-2009-0461
2009-02-10 07:00:24
exploitdb
exploitdb
WholeHogSoftware Ware Support - Insecure Cookie Handling
2009-02-03 00:00:00
WholeHogSoftware Password Protect - Insecure Cookie Handling
2009-02-03 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.007
Percentile
80.8%
Related for CVE-2009-0461