Vulnerability Description
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slashcode.Com | Slash | All versions |
References
- http://marc.info/?l=bugtraq&m=103176636403241&w=2
- http://marc.info/?l=bugtraq&m=103177860017930&w=2
- http://marc.info/?l=bugtraq&m=103238514720237&w=2
- http://www.kb.cert.org/vuls/id/603945US Government Resource
- http://marc.info/?l=bugtraq&m=103176636403241&w=2
- http://marc.info/?l=bugtraq&m=103177860017930&w=2
- http://marc.info/?l=bugtraq&m=103238514720237&w=2
- http://www.kb.cert.org/vuls/id/603945US Government Resource
FAQ
What is CVE-2002-1647?
CVE-2002-1647 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords ...
How severe is CVE-2002-1647?
CVE-2002-1647 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1647?
Check the references section above for vendor advisories and patch information. Affected products include: Slashcode.Com Slash.