Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 14/02/2005 Updated: 09/02/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CitrusDB 0.3.6 and previous versions generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote malicious users to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrusdb citrusdb

source: wwwsecurityfocuscom/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability This issue is due to the application using a static value during the creation of user cookie information An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account This i ...

CWE-916 http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html http://www.redteam-pentesting.de/advisories/rt-sa-2005-002.txt https://nvd.nist.gov https://www.exploit-db.com/exploits/25102/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-0408

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect