CVE-2007-4419
CVE-2007-4419
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/30504unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.htmlhttp://osvdb.org/39714http://secunia.com/advisories/26533http://securityreason.com/securityalert/3028https://exchange.xforce.ibmcloud.com/vulnerabilities/36088http://sourceforge.net/forum/forum.php?forum_id=727807http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052http://www.securityfocus.com/archive/1/476760/100/0/threadedhttp://www.securityfocus.com/archive/1/477223/100/0/threadedhttp://www.securityfocus.com/bid/25343