PT-2010-2761 · Openpne · Openpne
高木浩光
·
Published
2010-03-23
·
Updated
2010-03-24
·
CVE-2010-1040
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OpenPNE versions 1.6 through 1.8
OpenPNE versions 2.0 through 2.8
OpenPNE versions 2.10 through 2.14
OpenPNE versions 3.0 through 3.4
Description
The issue allows remote attackers to bypass the simple login functionality via unknown vectors related to spoofing when mobile device support is enabled.
Recommendations
For OpenPNE versions 1.6 through 1.8, consider disabling mobile device support until a fix is available.
For OpenPNE versions 2.0 through 2.8, consider disabling mobile device support until a fix is available.
For OpenPNE versions 2.10 through 2.14, consider disabling mobile device support until a fix is available.
For OpenPNE versions 3.0 through 3.4, consider disabling mobile device support until a fix is available.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openpne