CVE-2007-4961 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lindenlab	Second Life	-

Related Weaknesses (CWE)

CWE-311

References

http://osvdb.org/45947Broken Link
http://www.gnucitizen.org/blog/ie-pwns-secondlifeExploit
http://osvdb.org/45947Broken Link
http://www.gnucitizen.org/blog/ie-pwns-secondlifeExploit

FAQ

What is CVE-2007-4961?

CVE-2007-4961 is a vulnerability with a CVSS score of 7.5 (HIGH). The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd fie...

How severe is CVE-2007-4961?

CVE-2007-4961 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4961?

Check the references section above for vendor advisories and patch information. Affected products include: Lindenlab Second Life.