The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-12-02T17:00:00
Updated: 2024-08-07T03:43:13.319Z
Reserved: 2010-11-17T00:00:00
Link: CVE-2010-4279
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-12-02T17:15:00.503
Modified: 2024-11-21T01:20:36.500
Link: CVE-2010-4279
Redhat
No data.