Vulnerability Details CVE-2007-4419
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.091
EPSS Ranking 92.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
- http://osvdb.org/39714
- http://secunia.com/advisories/26533
- http://securityreason.com/securityalert/3028
- http://sourceforge.net/forum/forum.php?forum_id=727807
- http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
- http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052
- http://www.securityfocus.com/archive/1/476760/100/0/threaded
- http://www.securityfocus.com/archive/1/477223/100/0/threaded
- http://www.securityfocus.com/bid/25343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36088
- http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
- http://osvdb.org/39714
- http://secunia.com/advisories/26533
- http://securityreason.com/securityalert/3028
- http://sourceforge.net/forum/forum.php?forum_id=727807
- http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628
- http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052
- http://www.securityfocus.com/archive/1/476760/100/0/threaded
- http://www.securityfocus.com/archive/1/477223/100/0/threaded
- http://www.securityfocus.com/bid/25343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36088
Products affected by CVE-2007-4419
-
cpe:2.3:a:olate:olatedownload:3.4.1