5

CVE-2015-6830

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version4.3.0
PhpmyadminPhpmyadmin Version4.3.1
PhpmyadminPhpmyadmin Version4.3.2
PhpmyadminPhpmyadmin Version4.3.3
PhpmyadminPhpmyadmin Version4.3.4
PhpmyadminPhpmyadmin Version4.3.5
PhpmyadminPhpmyadmin Version4.3.6
PhpmyadminPhpmyadmin Version4.3.7
PhpmyadminPhpmyadmin Version4.3.8
PhpmyadminPhpmyadmin Version4.3.9
PhpmyadminPhpmyadmin Version4.3.10
PhpmyadminPhpmyadmin Version4.3.11
PhpmyadminPhpmyadmin Version4.3.12
PhpmyadminPhpmyadmin Version4.3.13.1
PhpmyadminPhpmyadmin Version4.4.0
PhpmyadminPhpmyadmin Version4.4.1
PhpmyadminPhpmyadmin Version4.4.1.1
PhpmyadminPhpmyadmin Version4.4.3
PhpmyadminPhpmyadmin Version4.4.4
PhpmyadminPhpmyadmin Version4.4.5
PhpmyadminPhpmyadmin Version4.4.6
PhpmyadminPhpmyadmin Version4.4.6.1
PhpmyadminPhpmyadmin Version4.4.7
PhpmyadminPhpmyadmin Version4.4.8
PhpmyadminPhpmyadmin Version4.4.9
PhpmyadminPhpmyadmin Version4.4.10
PhpmyadminPhpmyadmin Version4.4.11
PhpmyadminPhpmyadmin Version4.4.12
PhpmyadminPhpmyadmin Version4.4.13
PhpmyadminPhpmyadmin Version4.4.13.1
PhpmyadminPhpmyadmin Version4.4.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.79% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.debian.org/security/2015/dsa-3382
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html
http://www.securityfocus.com/bid/76674
http://www.securitytracker.com/id/1033546
https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e
https://www.phpmyadmin.net/security/PMASA-2015-4/
Patch
Vendor Advisory