Detections
Analytics

X-News Password MD5 Hash Authentication Bypass

high Nessus Plugin ID 12068

Language:

Synopsis

The remote web server contains a PHP application that is prone to information disclosure attacks.

Description

X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

X-News stores user ids and passwords, as MD5 hashes, in a world- readable file, 'db/users.txt'. This is the same information that is issued by X-News in cookie-based authentication credentials. An attacker may incorporate this information into cookies and then submit them to gain unauthorized access to the X-News administrative account.

Solution

Deny access to the files in the 'db' directory through the web server.

See Also

http://www.nessus.org/u?d20a4b44

Plugin Details

Severity: High

ID: 12068

File Name: xnews.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 2/21/2004

Updated: 4/11/2022

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/16/2002

Reference Information

CVE: CVE-2002-1656

BID: 4283