CVE-2002-2046

Name of the Vulnerable Software and Affected Versions X-News (x news) versions 1.1 and earlier

Description The issue allows remote attackers to gain administrative privileges by stealing and replaying the md5 password cookie. This is related to the x news.php file in the affected software.

Recommendations For versions 1.1 and earlier, consider restricting access to the x news.php file until a fix is available. As a temporary workaround, avoid using the md5 password cookie in sensitive operations to minimize the risk of exploitation.