CVE-2007-4419

Published: Aug 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628

x_refsource_CONFIRM

http://sourceforge.net/forum/forum.php?forum_id=727807

x_refsource_CONFIRM

http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052

x_refsource_CONFIRM

26533

third-party-advisory

x_refsource_SECUNIA

http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html

x_refsource_MISC

olatedownload-admin-security-bypass(36088)

vdb-entry

x_refsource_XF

25343

vdb-entry

x_refsource_BID

20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing

mailing-list

x_refsource_BUGTRAQ

20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing

mailing-list

x_refsource_BUGTRAQ

3028

third-party-advisory

x_refsource_SREASON

39714

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-4419

Description

Affected Products

References