CVE-2004-1219

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.

Published: Jan 10, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1219
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_arena / pafiledb	3.1	3.1.x

http://echo.or.id/adv/adv09-y3dips-2004.txt
http://marc.info/?l=bugtraq&m=110245123927025&w=2
http://www.securityfocus.com/bid/11818
https://exchange.xforce.ibmcloud.com/vulnerabilities/18364

Vulnerability Database

289,697

CVE-2004-1219