CVE-2008-0169
First published: Tue Jun 03 2008(Updated: )
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ikiwiki Hosting Project | =1.5 | |
| Ikiwiki Hosting Project | =1.34 | |
| Ikiwiki Hosting Project | =1.34.1 | |
| Ikiwiki Hosting Project | =1.34.2 | |
| Ikiwiki Hosting Project | =1.35 | |
| Ikiwiki Hosting Project | =1.36 | |
| Ikiwiki Hosting Project | =1.37 | |
| Ikiwiki Hosting Project | =1.38 | |
| Ikiwiki Hosting Project | =1.39 | |
| Ikiwiki Hosting Project | =1.40 | |
| Ikiwiki Hosting Project | =1.41 | |
| Ikiwiki Hosting Project | =1.42 | |
| Ikiwiki Hosting Project | =1.43 | |
| Ikiwiki Hosting Project | =1.44 | |
| Ikiwiki Hosting Project | =1.45 | |
| Ikiwiki Hosting Project | =1.46 | |
| Ikiwiki Hosting Project | =1.47 | |
| Ikiwiki Hosting Project | =1.48 | |
| Ikiwiki Hosting Project | =1.49 | |
| Ikiwiki Hosting Project | =1.51 | |
| Ikiwiki Hosting Project | =2.0 | |
| Ikiwiki Hosting Project | =2.1 | |
| Ikiwiki Hosting Project | =2.2 | |
| Ikiwiki Hosting Project | =2.3 | |
| Ikiwiki Hosting Project | =2.4 | |
| Ikiwiki Hosting Project | =2.5 | |
| Ikiwiki Hosting Project | =2.6 | |
| Ikiwiki Hosting Project | =2.7 | |
| Ikiwiki Hosting Project | =2.8 | |
| Ikiwiki Hosting Project | =2.9 | |
| Ikiwiki Hosting Project | =2.10 | |
| Ikiwiki Hosting Project | =2.11 | |
| Ikiwiki Hosting Project | =2.12 | |
| Ikiwiki Hosting Project | =2.13 | |
| Ikiwiki Hosting Project | =2.14 | |
| Ikiwiki Hosting Project | =2.15 | |
| Ikiwiki Hosting Project | =2.16 | |
| Ikiwiki Hosting Project | =2.17 | |
| Ikiwiki Hosting Project | =2.18 | |
| Ikiwiki Hosting Project | =2.19 | |
| Ikiwiki Hosting Project | =2.20 | |
| Ikiwiki Hosting Project | =2.30 | |
| Ikiwiki Hosting Project | =2.31 | |
| Ikiwiki Hosting Project | =2.31.1 | |
| Ikiwiki Hosting Project | =2.31.2 | |
| Ikiwiki Hosting Project | =2.31.3 | |
| Ikiwiki Hosting Project | =2.40 | |
| Ikiwiki Hosting Project | =2.41 | |
| Ikiwiki Hosting Project | =2.42 | |
| Ikiwiki Hosting Project | =2.43 | |
| Ikiwiki Hosting Project | =2.44 | |
| Ikiwiki Hosting Project | =2.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/05/31/3
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770
- http://ikiwiki.info/news/version_2.48/index.html
- http://secunia.com/advisories/30468
- http://ikiwiki.info/security/#index33h2
- http://www.securityfocus.com/bid/29479
- http://www.vupen.com/english/advisories/2008/1710
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42798
Frequently Asked Questions
What is the severity of CVE-2008-0169?
CVE-2008-0169 has a medium severity level as it allows remote attackers to bypass authentication.
How do I fix CVE-2008-0169?
To fix CVE-2008-0169, update ikiwiki to version 2.48 or later where this vulnerability is patched.
What versions of ikiwiki are affected by CVE-2008-0169?
CVE-2008-0169 affects versions of ikiwiki from 1.34 to 2.47.
What does CVE-2008-0169 exploit?
CVE-2008-0169 exploits a flaw in the passwordauth plugin that allows login without a password for certain OpenID accounts.
Who can be targeted by CVE-2008-0169?
CVE-2008-0169 can target any user account configured with an OpenID identity without a password.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ikiwiki
- canonical/ikiwiki hosting project
- version/ikiwiki hosting project/1.5
- version/ikiwiki hosting project/1.34
- version/ikiwiki hosting project/1.34.1
- version/ikiwiki hosting project/1.34.2
- version/ikiwiki hosting project/1.35
- version/ikiwiki hosting project/1.36
- version/ikiwiki hosting project/1.37
- version/ikiwiki hosting project/1.38
- version/ikiwiki hosting project/1.39
- version/ikiwiki hosting project/1.40
- version/ikiwiki hosting project/1.41
- version/ikiwiki hosting project/1.42
- version/ikiwiki hosting project/1.43
- version/ikiwiki hosting project/1.44
- version/ikiwiki hosting project/1.45
- version/ikiwiki hosting project/1.46
- version/ikiwiki hosting project/1.47
- version/ikiwiki hosting project/1.48
- version/ikiwiki hosting project/1.49
- version/ikiwiki hosting project/1.51
- version/ikiwiki hosting project/2.0
- version/ikiwiki hosting project/2.1
- version/ikiwiki hosting project/2.2
- version/ikiwiki hosting project/2.3
- version/ikiwiki hosting project/2.4
- version/ikiwiki hosting project/2.5
- version/ikiwiki hosting project/2.6
- version/ikiwiki hosting project/2.7
- version/ikiwiki hosting project/2.8
- version/ikiwiki hosting project/2.9
- version/ikiwiki hosting project/2.10
- version/ikiwiki hosting project/2.11
- version/ikiwiki hosting project/2.12
- version/ikiwiki hosting project/2.13
- version/ikiwiki hosting project/2.14
- version/ikiwiki hosting project/2.15
- version/ikiwiki hosting project/2.16
- version/ikiwiki hosting project/2.17
- version/ikiwiki hosting project/2.18
- version/ikiwiki hosting project/2.19
- version/ikiwiki hosting project/2.20
- version/ikiwiki hosting project/2.30
- version/ikiwiki hosting project/2.31
- version/ikiwiki hosting project/2.31.1
- version/ikiwiki hosting project/2.31.2
- version/ikiwiki hosting project/2.31.3
- version/ikiwiki hosting project/2.40
- version/ikiwiki hosting project/2.41
- version/ikiwiki hosting project/2.42
- version/ikiwiki hosting project/2.43
- version/ikiwiki hosting project/2.44
- version/ikiwiki hosting project/2.47