CVE-2006-0944
Published 2006-03-01
CVE-2006-0944: Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
Priority P3 | 47 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.56% (87.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| archangelmgt | weblog | — | — |
No detection rules found.
No writeups or analysis indexed.
CAPEC
CAPEC-39: Manipulating Opaque Client-based Data Tokens [MEDIUM] (source: mitre_capec)
In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth), that data can be manipulated. If client-side or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information), then even opaquely manipulating that data may bear fruit for an attacker. In this pattern an attacker undermines the assumption that client-side tokens have been adequately protected from tampering through use of encryption or obfuscation.
Execution Flow:
Step 1 [Explore]: [Enumerate information passed to client side] The attacker identifies the parameters used as part of tokens to take business or security decisions.
Technique: Use
http://securitytracker.com/id?1015689
http://www.osvdb.org/23620
http://www.securityfocus.com/archive/1/426184/100/0/threaded
http://www.securityfocus.com/bid/16848
https://exchange.xforce.ibmcloud.com/vulnerabilities/24984
https://www.exploit-db.com/exploits/3859
Published: 2006-03-01