Vulnerability Description
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flatnuke | Flatnuke | 2.5.6 |
References
- http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=
- http://securitytracker.com/id?1015339Exploit
- http://www.securityfocus.com/archive/1/419107Exploit
- http://www.securityfocus.com/bid/15796Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22159
- http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=
- http://securitytracker.com/id?1015339Exploit
- http://www.securityfocus.com/archive/1/419107Exploit
- http://www.securityfocus.com/bid/15796Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22159
FAQ
What is CVE-2005-4448?
CVE-2005-4448 is a vulnerability with a CVSS score of 10.0 (HIGH). FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by o...
How severe is CVE-2005-4448?
CVE-2005-4448 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4448?
Check the references section above for vendor advisories and patch information. Affected products include: Flatnuke Flatnuke.