Lucene search

[email protected]NVD:CVE-2007-4961

HistorySep 18, 2007 - 10:17 p.m.

CVE-2007-4961

2007-09-1822:17:00

CWE-311

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.5%

JSON

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Affected configurations

Nvd

Node

lindenlabsecond_lifeMatch-

VendorProductVersionCPE
lindenlabsecond_life-cpe:2.3:a:lindenlab:second_life:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lindenlab	second_life	-	cpe:2.3:a:lindenlab:second_life:-:::::::*

References

osvdb.org/45947

www.gnucitizen.org/blog/ie-pwns-secondlife

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.5%

JSON

Related for NVD:CVE-2007-4961

cvelist1 prion1 cve1