CVE-2008-7050 - OpenCVE

The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wowraidmanager	Wowraidmanager

Configuration 1 [-]

OR	cpe:2.3:a:wowraidmanager:wowraidmanager::::::::
	cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.0:::::::*
	cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.1:::::::*
	cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.2:::::::*
	cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.0:::::::*
	cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.1:::::::*
	cpe:2.3:a:wowraidmanager:wowraidmanager:3.5.0:::::::*

No data.

References

Link	Providers
http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a
http://secunia.com/advisories/32653
http://www.osvdb.org/49704
http://www.vupen.com/english/advisories/2008/3109
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153
http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-24T10:00:00Z

Updated: 2024-09-17T02:01:39.163Z

Reserved: 2009-08-23T00:00:00Z

Link: CVE-2008-7050

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-08-24T10:30:02.187

Modified: 2009-08-24T10:30:02.187

Link: CVE-2008-7050

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-24T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a"}, {"name": "32653", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32653"}, {"name": "ADV-2008-3109", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3109"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153"}, {"name": "49704", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/49704"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7050", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a", "refsource": "MISC", "url": "http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a"}, {"name": "32653", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32653"}, {"name": "ADV-2008-3109", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3109"}, {"name": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167", "refsource": "CONFIRM", "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167"}, {"name": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153", "refsource": "CONFIRM", "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153"}, {"name": "49704", "refsource": "OSVDB", "url": "http://www.osvdb.org/49704"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:49:02.877Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a"}, {"name": "32653", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32653"}, {"name": "ADV-2008-3109", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3109"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153"}, {"name": "49704", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/49704"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7050", "datePublished": "2009-08-24T10:00:00Z", "dateReserved": "2009-08-23T00:00:00Z", "dateUpdated": "2024-09-17T02:01:39.163Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "71959C66-7190-4513-8042-4D8D5A651F53", "versionEndIncluding": "3.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDB674C5-D4D4-41CA-BB09-AE6A368B5FB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "11AF4B36-D51B-48B4-A613-0CAA5BE17FAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "938EEB42-5FEA-4B12-A9E6-B3F53E02DA3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3242351A-C53D-4E68-8ACC-3D6FF029D07A", "vulnerable": true}, {"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E14EC3B-FB10-4C3E-BCF0-09BC3F7ECD53", "vulnerable": true}, {"criteria": "cpe:2.3:a:wowraidmanager:wowraidmanager:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "76E94008-29BC-40E8-8058-2172CCAFCD48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password."}, {"lang": "es", "value": "La funci\u00f3n password_check en auth/auth_phpbb3.php en WoW Raid Manager v3.5.1 anterior a Patch 1, cuando usando autenticaci\u00f3n PHPBB3, (1) no invoca la funci\u00f3n CheckPassword con los argumentos requeridos, lo que siempre lanza un fallo de autenticaci\u00f3n, y (2) devuelve verdadero en lugar de falso cuando se produce un fallo de autenticaci\u00f3n, lo que permite a los atacantes remotos evitar la autenticaci\u00f3n y ganar privilegios con una contrase\u00f1a arbitraria."}], "id": "CVE-2008-7050", "lastModified": "2009-08-24T10:30:02.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-24T10:30:02.187", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32653"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/49704"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3109"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2153"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2167"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}