Vulnerability Description
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HandsomeWeb | SOS Webpages | < 1.1.12 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Back (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2014/May/130 (Exploit, Mailing List, Third Party Advisory)
- http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages% (Third Party Advisory)
- http://www.securityfocus.com/bid/67644 (Third Party Advisory, VDB Entry)
- https://www.portcullis-security.com/security-research-and-downloads/security-adv (Exploit, Third Party Advisory)
FAQ
What is CVE-2014-3445?
CVE-2014-3445 is a vulnerability with a CVSS score of 9.8 (CRITICAL). backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the adminis...
How severe is CVE-2014-3445?
CVE-2014-3445 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-3445?
Check the references section above for vendor advisories and patch information. Affected products include: HandsomeWeb SOS Webpages.