| |
Vulnerability CVE-2007-4609
Published: 2007-08-30 Modified: 2012-02-12
| Description: |
eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. |
See advisories in our WLB2 database: | Topic | Author | Date |
Low |
| komarov | 01.09.2007 |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.4/10 |
4.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
Partial |
References: |
http://securityreason.com/securityalert/3081
http://www.securityfocus.com/archive/1/477866/100/0/threaded
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
