Required CVE Record Information
Description
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
References 5 Total
- http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html
- http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/
- http://seclists.org/fulldisclosure/2014/May/130
- http://www.securityfocus.com/bid/67644
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/