Vulnerability Details CVE-2002-1656
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.154
EPSS Ranking 94.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securitytracker.com/id?1003828
- http://www.ifrance.com/kitetoua/tuto/x_holes.txt
- http://www.kb.cert.org/vuls/id/162723
- http://www.securityfocus.com/bid/4283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8465
- http://securitytracker.com/id?1003828
- http://www.ifrance.com/kitetoua/tuto/x_holes.txt
- http://www.kb.cert.org/vuls/id/162723
- http://www.securityfocus.com/bid/4283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8465