10
CVE-2010-4279
- EPSS 85.04%
- Published 02.12.2010 17:15:00
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
Data is provided by the National Vulnerability Database (NVD)
Artica ≫ Pandora Fms Version <= 3.1
Artica ≫ Pandora Fms Version1.2
Artica ≫ Pandora Fms Version1.3
Artica ≫ Pandora Fms Version1.3 Updatebeta
Artica ≫ Pandora Fms Version1.3 Updatebeta1
Artica ≫ Pandora Fms Version1.3 Updatebeta2
Artica ≫ Pandora Fms Version1.3 Updatebeta3
Artica ≫ Pandora Fms Version1.3.1
Artica ≫ Pandora Fms Version2.0
Artica ≫ Pandora Fms Version2.0 Updatebeta
Artica ≫ Pandora Fms Version2.1
Artica ≫ Pandora Fms Version2.1.1
Artica ≫ Pandora Fms Version3.0
Artica ≫ Pandora Fms Version3.0 Updaterc1
Artica ≫ Pandora Fms Version3.0 Updaterc2
Artica ≫ Pandora Fms Version3.1 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 85.04% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.