PT-2008-5479 · Nooms · Nooms

Dr.Crash +1 · Published 2008-09-23 · Updated 2018-10-11 · CVE-2008-4180

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NooMS version 1.1

Description

The issue allows remote attackers to conduct brute force attacks against passwords. This is achieved by providing a username in the g_dbuser parameter and a password in the g_dbpwd parameter. The attack might also involve setting the g_dbhost parameter to a "localhost" value.

Recommendations

For NooMS version 1.1, consider restricting access to the db.php file to prevent brute force attacks, and limit the number of login attempts to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the g_dbuser and g_dbpwd parameters until a patch is available.
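To support the recommendation to limit login attempts, the following added example (not part of the advisory or of NooMS) scans web access logs for bursts of db.php requests carrying g_dbuser and g_dbpwd from one source. It assumes Apache combined-style log lines, parameters visible in the query string, and a /nooms/ install path; the function names, threshold and window are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (documentation IP ranges, placeholder passwords, assumed /nooms/ path).
SAMPLE_LOG = [
    f'198.51.100.7 - - [23/Sep/2008:10:00:{s:02d} +0000] '
    f'"GET /nooms/db.php?g_dbhost=localhost&g_dbuser=root&g_dbpwd=x{s} HTTP/1.1" 200 312'
    for s in range(0, 12, 2)
] + [
    '203.0.113.9 - - [23/Sep/2008:10:01:00 +0000] "GET /nooms/db.php?g_dbuser=admin&g_dbpwd=x HTTP/1.1" 200 312',
    '203.0.113.9 - - [23/Sep/2008:10:02:00 +0000] "GET /nooms/index.php HTTP/1.1" 200 900',
]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" \d{3}')

def parse_attempt(line):
    """Return (ip, time, user, host) for a db.php credential request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, target = m.groups()
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("/db.php") or not {"g_dbuser", "g_dbpwd"} <= params.keys():
        return None
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, params["g_dbuser"][0], params.get("g_dbhost", [""])[0]

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold credential requests inside any window."""
    by_ip = defaultdict(list)
    for line in lines:
        hit = parse_attempt(line)
        if hit:
            by_ip[hit[0]].append(hit[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # shrink the window until it spans at most `window`
            if end - start + 1 >= threshold:
                flagged[ip] = {"attempts": len(events), "users": sorted({e[1] for e in events}),
                               "localhost_target": any(e[2] == "localhost" for e in events)}
                break
    return flagged

print(find_bruteforce(SAMPLE_LOG))
```

The report omits g_dbpwd values on purpose, so the output can be shared without copying guessed passwords out of the logs.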

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2008-4180

Affected Products

Nooms