ID

VAR-200111-0015


CVE

CVE-2001-0911


TITLE

PHP-Nuke Cookie Fragile encryption mechanism vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200111-026

DESCRIPTION

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. PHP-Nuke is a popular web-based portal system. It allows users to create accounts and contribute content to the site. When a user authenticates to a PHP-Nuke based page, a cookie is created which includes that user's account name and password. This password is encoded using Base64 encoding, and can be immediately decoded by anyone with access to the cookie's contents. Thus, an attacker able to gain access to this cookie may trivially learn the user's account name and password, and compromise that account. Older versions of PHP-Nuke may also be vulnerable. PostNuke 0.6.4 (and possibly earlier versions) is also vulnerable.

PHP-Nuke uses a global variable named '$user'. It is normally retrieved from a cookie, but can be supplied in a URL. This value contains uuencoded values for the user information and the user's password hash. These values are decoded on the server and used in various SQL queries during the execution of PHP-Nuke scripts. Several variables used in these queries contain user-supplied input. These values may be injected into a uuencoded $user variable passed in a URL. Attackers may modify a query so that its logic forces retrieval of sensitive information associated with arbitrary users. This could be accomplished if the attacker has a valid username. If the issue is exploited, the attacker will have gained the encrypted password and user information of the target user. The password could then be brute-forced, allowing further compromises of security on the affected host, including arbitrary file access and remote command execution as the webserver process. There is a security issue in this CGI program, which may lead to the disclosure of sensitive information.

Trust: 1.53

sources: NVD: CVE-2001-0911 // BID: 3567 // BID: 2431 // VULHUB: VHN-3718

AFFECTED PRODUCTS

vendor: francisco burzi // model: php-nuke // scope: eq // version: 5.2

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 5.1

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 5.3.1

Trust: 1.6

vendor: postnuke // model: postnuke // scope: eq // version: 0.64

Trust: 1.0

vendor: postnuke // model: development team postnuke // scope: eq // version: 0.64

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 5.3.1

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 5.2

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 5.1

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 4.4

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 4.3

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 4.0

Trust: 0.3

sources: BID: 3567 // BID: 2431 // CNNVD: CNNVD-200111-026 // NVD: CVE-2001-0911

CVSS

SEVERITY

nvd@nist.gov: CVE-2001-0911
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200111-026
value: HIGH

Trust: 0.6

VULHUB: VHN-3718
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2001-0911
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3718
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3718 // CNNVD: CNNVD-200111-026 // NVD: CVE-2001-0911

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0911

THREAT TYPE

network

Trust: 0.6

sources: BID: 3567 // BID: 2431

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200111-026

EXTERNAL IDS

db: NVD // id: CVE-2001-0911

Trust: 2.3

db: BID // id: 3567

Trust: 2.0

db: CNNVD // id: CNNVD-200111-026

Trust: 0.7

db: XF // id: 7596

Trust: 0.6

db: BUGTRAQ // id: 20011121 PHPNUKE ADMIN PASSWORD CAN BE STOLEN !

Trust: 0.6

db: BID // id: 2431

Trust: 0.4

db: VULHUB // id: VHN-3718

Trust: 0.1

sources: VULHUB: VHN-3718 // BID: 3567 // BID: 2431 // CNNVD: CNNVD-200111-026 // NVD: CVE-2001-0911

REFERENCES

url:http://www.securityfocus.com/bid/3567

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/7596

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=100638850219503&w=2

Trust: 1.0

url:http://xforce.iss.net/static/7596.php

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=100638850219503&w=2

Trust: 0.6

url:http://www.postnuke.com

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=100638850219503&w=2

Trust: 0.1

sources: VULHUB: VHN-3718 // BID: 3567 // CNNVD: CNNVD-200111-026 // NVD: CVE-2001-0911

CREDITS

Posted by Cabezon Aurélien <aurelien.cabezon@iSecureLabs.com> to the BugTraq mailing list on November 22, 2001.

Trust: 0.3

sources: BID: 3567

SOURCES

db: VULHUB // id: VHN-3718
db: BID // id: 3567
db: BID // id: 2431
db: CNNVD // id: CNNVD-200111-026
db: NVD // id: CVE-2001-0911

LAST UPDATE DATE

2024-08-14T14:29:38.191000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-3718 // date: 2017-12-19T00:00:00
db: BID // id: 3567 // date: 2009-07-11T09:06:00
db: BID // id: 2431 // date: 2009-07-11T04:46:00
db: CNNVD // id: CNNVD-200111-026 // date: 2006-09-25T00:00:00
db: NVD // id: CVE-2001-0911 // date: 2017-12-19T02:29:28.363

SOURCES RELEASE DATE

db: VULHUB // id: VHN-3718 // date: 2001-11-21T00:00:00
db: BID // id: 3567 // date: 2001-11-22T00:00:00
db: BID // id: 2431 // date: 2001-02-23T00:00:00
db: CNNVD // id: CNNVD-200111-026 // date: 2001-11-21T00:00:00
db: NVD // id: CVE-2001-0911 // date: 2001-11-21T05:00:00