Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-0169

Published: 03/06/2008 Updated: 08/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Ikiwiki

Vulnerability Summary

Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 up to and including 2.47 allows remote malicious users to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.

Vulnerable Product Search on Vulmon Subscribe to Product

ikiwiki ikiwiki 1.37

ikiwiki ikiwiki 1.34.1

ikiwiki ikiwiki 1.34.2

ikiwiki ikiwiki 1.41

ikiwiki ikiwiki 1.42

ikiwiki ikiwiki 1.5

ikiwiki ikiwiki 1.51

ikiwiki ikiwiki 2.14

ikiwiki ikiwiki 2.15

ikiwiki ikiwiki 2.3

ikiwiki ikiwiki 2.30

ikiwiki ikiwiki 2.42

ikiwiki ikiwiki 1.35

ikiwiki ikiwiki 1.36

ikiwiki ikiwiki 1.43

ikiwiki ikiwiki 1.44

ikiwiki ikiwiki 2.0

ikiwiki ikiwiki 2.1

ikiwiki ikiwiki 2.16

ikiwiki ikiwiki 2.17

ikiwiki ikiwiki 2.31

ikiwiki ikiwiki 2.31.1

ikiwiki ikiwiki 2.44

ikiwiki ikiwiki 2.47

ikiwiki ikiwiki 2.43

ikiwiki ikiwiki 2.9

ikiwiki ikiwiki 1.38

ikiwiki ikiwiki 1.45

ikiwiki ikiwiki 1.46

ikiwiki ikiwiki 2.10

ikiwiki ikiwiki 2.11

ikiwiki ikiwiki 2.18

ikiwiki ikiwiki 2.19

ikiwiki ikiwiki 2.31.2

ikiwiki ikiwiki 2.31.3

ikiwiki ikiwiki 2.4

ikiwiki ikiwiki 2.5

ikiwiki ikiwiki 2.6

ikiwiki ikiwiki 1.34

ikiwiki ikiwiki 1.39

ikiwiki ikiwiki 1.40

ikiwiki ikiwiki 1.47

ikiwiki ikiwiki 1.48

ikiwiki ikiwiki 1.49

ikiwiki ikiwiki 2.12

ikiwiki ikiwiki 2.13

ikiwiki ikiwiki 2.2

ikiwiki ikiwiki 2.20

ikiwiki ikiwiki 2.40

ikiwiki ikiwiki 2.41

ikiwiki ikiwiki 2.7

ikiwiki ikiwiki 2.8

Vendor Advisories

Debian CVElist Bug Report Logs: ikiwiki openid + passwordauth empty password security hole
Debian Bug report logs - #483770 ikiwiki openid + passwordauth empty password security hole Package: ikiwiki; Maintainer for ikiwiki is Simon McVittie <smcv@debianorg>; Source for ikiwiki is src:ikiwiki (PTS, buildd, popcon) Reported by: Joey Hess <joeyh@debianorg> Date: Fri, 30 May 2008 22:18:02 UTC Severity: gra ...

References

CWE-264http://www.openwall.com/lists/oss-security/2008/05/31/3http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770http://ikiwiki.info/news/version_2.48/index.htmlhttp://secunia.com/advisories/30468http://ikiwiki.info/security/#index33h2http://www.securityfocus.com/bid/29479http://www.vupen.com/english/advisories/2008/1710https://exchange.xforce.ibmcloud.com/vulnerabilities/42798https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook