CVE-2005-4448

Name of the Vulnerable Software and Affected Versions FlatNuke version 2.5.6

Description The issue allows attackers to gain privileges by obtaining the password hash, then calculating the credentials and including them in the secid cookie. This is possible because FlatNuke verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password.

Recommendations For FlatNuke version 2.5.6, consider updating the authentication mechanism to verify credentials based on plaintext passwords instead of hashed passwords to prevent exploitation. As a temporary workaround, restrict access to the secid cookie to minimize the risk of exploitation.