PT-2010-2761 · Openpne · Openpne
高木浩光
·
Publicado
2010-03-23
·
Atualizado
2010-03-24
·
CVE-2010-1040
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OpenPNE versions 1.6 through 1.8
OpenPNE versions 2.0 through 2.8
OpenPNE versions 2.10 through 2.14
OpenPNE versions 3.0 through 3.4
Description
The issue allows remote attackers to bypass the simple login functionality via unknown vectors related to spoofing when mobile device support is enabled.
Recommendations
For OpenPNE versions 1.6 through 1.8, consider disabling mobile device support until a fix is available.
For OpenPNE versions 2.0 through 2.8, consider disabling mobile device support until a fix is available.
For OpenPNE versions 2.10 through 2.14, consider disabling mobile device support until a fix is available.
For OpenPNE versions 3.0 through 3.4, consider disabling mobile device support until a fix is available.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openpne