CVE-2005-4448
First published: Wed Dec 21 2005(Updated: )
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Postnuke Software Foundation Pnphpbb | =2.5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-4448?
CVE-2005-4448 has been classified as a medium severity vulnerability.
How do I fix CVE-2005-4448?
To fix CVE-2005-4448, it's recommended to upgrade to FlatNuke version 2.5.7 or later.
What software is affected by CVE-2005-4448?
CVE-2005-4448 affects FlatNuke version 2.5.6.
What type of vulnerability is CVE-2005-4448?
CVE-2005-4448 is an authentication bypass vulnerability due to improper handling of password hashes.
Can CVE-2005-4448 be exploited remotely?
Yes, CVE-2005-4448 can be exploited remotely if an attacker obtains the password hash.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/flatnuke
- canonical/postnuke software foundation pnphpbb
- version/postnuke software foundation pnphpbb/2.5.6