PT-2005-4231 · Archilles · Archilles Newsworld

Chb +1 · Published: 2005-11-02 · Updated: 2024-02-09 · CVE-2005-3435

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Archilles Newsworld versions up to 1.3.0

Description

The issue allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument. This can be achieved, for example, through another Newsworld vulnerability.

Recommendations

For Archilles Newsworld versions up to 1.3.0, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the admin news.php file to minimize the risk of exploitation. Avoid using the pwd argument in the admin news.php file until the issue is resolved.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2005-3435

Affected Products

Archilles Newsworld