Vulnerability Description
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowraidmanager | Wowraidmanager | <= 3.5.1 |
Related Weaknesses (CWE)
References
- http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f (Exploit)
- http://secunia.com/advisories/32653 (Vendor Advisory)
- http://www.osvdb.org/49704
- http://www.vupen.com/english/advisories/2008/3109 (Patch, Vendor Advisory)
- http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153 (Vendor Advisory)
- http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167 (Patch, Vendor Advisory)
FAQ
What is CVE-2008-7050?
CVE-2008-7050 is a vulnerability with a CVSS score of 7.5 (HIGH). The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required argumen...
How severe is CVE-2008-7050?
CVE-2008-7050 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7050?
Check the references section above for vendor advisories and patch information. Affected products include: Wowraidmanager Wowraidmanager.