CVE-2005-0408
published 2005-02-14CVE-2005-0408: CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass…
PriorityP347critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.74%
90.7th percentile
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrusdb | citrusdb | <= 0.3.6 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Use of a One-Way Hash with a Predictable Salt
mitre_cwe
CWE-760 Use of a One-Way Hash with a Predictable Salt
CWE-760: Use of a One-Way Hash with a Predictable Salt
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.
This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide. It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effect
CWE
Use of Password Hash With Insufficient Computational Effort
mitre_cwe
CWE-916 Use of Password Hash With Insufficient Computational Effort
CWE-916: Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash. Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker's workload for brute-force password cracking. If an attacker can obtain the hashes
CWE
Improper Authentication
mitre_cwe
CWE-287 Improper Authentication
CWE-287: Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
Detection Methods:
Automated Static Analysis: Automated static analysis is useful for de
CWE
Insufficiently Protected Credentials
mitre_cwe
CWE-522 Insufficiently Protected Credentials
CWE-522: Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Gain Privileges or Assume Identity. An attacker could gain access to user accounts and access sensitive data used by the user accounts.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/com
2005-02-14
Published