CVE-2009-2951 - OpenCVE

Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phenotype-cms	Phenotype Cms

Configuration 1 [-]

OR	cpe:2.3:a:phenotype-cms:phenotype_cms::::::::
	cpe:2.3:a:phenotype-cms:phenotype_cms:1.0:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.0:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.1:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.2:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.3:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.4:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.5:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.5.1:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.6:::::::*
	cpe:2.3:a:phenotype-cms:phenotype_cms:2.7:::::::*

No data.

References

Link	Providers
http://www.phenotype-cms.com/wiki/development-changelog
https://exchange.xforce.ibmcloud.com/vulnerabilities/52856

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-24T15:00:00

Updated: 2024-08-07T06:07:37.433Z

Reserved: 2009-08-24T00:00:00

Link: CVE-2009-2951

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-24T15:30:00.217

Modified: 2017-08-17T01:30:58.960

Link: CVE-2009-2951

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.phenotype-cms.com/wiki/development-changelog"}, {"name": "phenotype-salt-value-info-disclosure(52856)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.phenotype-cms.com/wiki/development-changelog", "refsource": "CONFIRM", "url": "http://www.phenotype-cms.com/wiki/development-changelog"}, {"name": "phenotype-salt-value-info-disclosure(52856)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52856"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:07:37.433Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.phenotype-cms.com/wiki/development-changelog"}, {"name": "phenotype-salt-value-info-disclosure(52856)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52856"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2951", "datePublished": "2009-08-24T15:00:00", "dateReserved": "2009-08-24T00:00:00", "dateUpdated": "2024-08-07T06:07:37.433Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBF0838A-2FC3-4407-BBFC-1C6D4632B0E5", "versionEndIncluding": "2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A12B07C8-92E1-45A6-97C8-ED81A50B7A60", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D584096C-20F6-48E2-AFED-43C35E0D102F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D3DDB99-189F-4239-998E-FB03304F67B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E80761B-1C6C-4E1F-98BD-B4D65BA8ED10", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "29E323CC-81A8-4997-A89D-7951C51FDBD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CDFD819F-5AC0-47F3-A9F7-5E4D02058958", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "50DE5FF2-DD49-4B5C-B7AF-75824C8AAA8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "19F09617-AFBD-4FC7-820B-5A43F2AA9668", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "13EB4778-9EAB-4E5D-BAE8-75D58A4ECF98", "vulnerable": true}, {"criteria": "cpe:2.3:a:phenotype-cms:phenotype_cms:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "C714422D-4A39-4ED7-B244-05F56CEDF7E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords."}, {"lang": "es", "value": "Phenotype CMS anterior a v2.9no utiliza una sal -salt- a\u00f1adida aleatoria para el cifrado de las contrase\u00f1as, esto facilita a los atacantes dependientes del contexto llegar a conocer la contrase\u00f1a en texto plano."}], "id": "CVE-2009-2951", "lastModified": "2017-08-17T01:30:58.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-24T15:30:00.217", "references": [{"source": "cve@mitre.org", "url": "http://www.phenotype-cms.com/wiki/development-changelog"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52856"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}