Cloisterblog Administration Interface Authentication Weakness
BID:10001
Info
| Bugtraq ID: | 10001 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Mar 29 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Dotho <[email protected]>. |
| Vulnerable: | Cloisterblog Cloisterblog 1.2.2 |
| Not Vulnerable: | |
Discussion
Cloisterblog has been reported prone to an authentication weakness in its administration interface. The issue lies in the journal_admin.pl script, which fails to check the username entered during authentication to the administration interface. This may allow a remote attacker to brute force the password and authenticate successfully to the Cloisterblog administration interface.
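The weakness class described above, shown next to a corrected check, as an added example that is not Cloisterblog's code (journal_admin.pl is a Perl script whose source does not appear on this page; Python is used here). The account values, function names, and the per-client failure throttle are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample account; not taken from Cloisterblog.
ADMIN_USER = "admin"
SALT = b"constructed-salt"
ADMIN_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)

MAX_FAILURES = 5        # assumed policy: failures allowed before lockout
LOCKOUT_SECONDS = 300   # assumed policy: lockout duration
_failures = {}          # client address -> (failure count, time of last failure)


def _password_ok(password):
    """Compare the derived key of the guess with the stored one in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, ADMIN_HASH)


def weak_login(username, password):
    """Pattern the advisory describes: the submitted username is never examined."""
    return _password_ok(password)


def hardened_login(username, password, client, now=None):
    """Require both credentials to match and throttle repeated failures per client."""
    now = time.time() if now is None else now
    count, last = _failures.get(client, (0, 0.0))
    if count >= MAX_FAILURES:
        if now - last < LOCKOUT_SECONDS:
            return False  # locked out: reject without evaluating the guess
        count = 0         # lockout window has expired
    # Evaluate both comparisons unconditionally so timing does not show which one failed.
    user_ok = hmac.compare_digest(username.encode(), ADMIN_USER.encode())
    pass_ok = _password_ok(password)
    if user_ok and pass_ok:
        _failures.pop(client, None)
        return True
    _failures[client] = (count + 1, now)
    return False
```
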
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- CloisterBlog Homepage (Stephen Kozik)
- Multiple Vulnerabilities in Cloisterblog web blog/journal (Dotho)