PT-2009-2519 · Blizzard+1 · Wow Raid Manager+1
Published 2009-08-24 · Updated 2009-08-24 · CVE-2008-7050
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WoW Raid Manager version 3.5.1
Description
The issue is in the password check function in the auth/auth_phpbb3.php file, which is used when PHPBB3 authentication is enabled. It has two main problems: (1) it does not invoke the CheckPassword function with the necessary arguments, which leads to authentication failures, and (2) it returns true instead of false when an authentication failure occurs. Together these allow remote attackers to bypass authentication with any password, potentially gaining privileges.
Recommendations
For WoW Raid Manager version 3.5.1, apply Patch 1 to fix the authentication bypass issue in the password check function.
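The two defects described above, shown as an added illustration that is not WoW Raid Manager's code or the content of Patch 1. The function names `check_password`, `password_check_flawed` and `password_check_fixed` are hypothetical, and PHP's built-in `password_hash`/`password_verify` stand in for the phpBB3 hash comparison.

```php
<?php
// Constructed illustration of the flaw class; NOT WoW Raid Manager source.
// All function names and the sample credential below are hypothetical.

// Stand-in for the CheckPassword helper: it needs BOTH arguments.
function check_password(?string $candidate = null, ?string $stored = null): bool
{
    if ($candidate === null || $stored === null) {
        return false;               // missing argument: can never match
    }
    return password_verify($candidate, $stored);
}

// Flawed shape: the helper is called without its arguments, so it always
// fails, and the failure branch then returns true (fail-open).
function password_check_flawed(string $submitted, string $stored): bool
{
    if (check_password()) {         // arguments omitted, always false
        return true;
    }
    return true;                    // defect: failure reported as success
}

// Corrected shape: pass both arguments and fail closed.
function password_check_fixed(string $submitted, string $stored): bool
{
    return check_password($submitted, $stored) === true;
}

// Constructed sample data.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);

// Regression check to keep beside the auth code: a wrong password must be
// rejected and the right one accepted.
$checks = ['flawed' => 'password_check_flawed', 'fixed' => 'password_check_fixed'];
foreach ($checks as $name => $fn) {
    $wrong = $fn('not the password', $stored);
    $right = $fn('correct horse', $stored);
    printf("%-6s wrong=%s right=%s => %s\n", $name,
        var_export($wrong, true), var_export($right, true),
        (!$wrong && $right) ? 'OK' : 'BROKEN');
}
```

A negative test of this kind (wrong password must return false) is the check that catches a fail-open authentication bridge after an upgrade or patch.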
Affected Products
Phpbb3
Wow Raid Manager