CVE-2012-1840

AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.

Published: Mar 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1840
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ajaxplorer / ajaxplorer	3.2.3	3.2.3.x
ajaxplorer / ajaxplorer	3.2.1	3.2.1.x
ajaxplorer / ajaxplorer	3.2.2	3.2.2.x
ajaxplorer / ajaxplorer	3.2	3.2.x
ajaxplorer / ajaxplorer	3.2.4	3.2.4.x
ajaxplorer / ajaxplorer	4.0.3	4.0.3.x
ajaxplorer / ajaxplorer	4.0	4.0.x
ajaxplorer / ajaxplorer	4.0.2	4.0.2.x
ajaxplorer / ajaxplorer	4.0.1	4.0.1.x

http://ajaxplorer.info/ajaxplorer-4-0-4/
http://www.kb.cert.org/vuls/id/504019
https://exchange.xforce.ibmcloud.com/vulnerabilities/74305

Vulnerability Database

CVE-2012-1840