[Bug 1224241] New: VUL-0: CVE-2024-34340: cacti: Authentication Bypass when using older password hashes
https://bugzilla.suse.com/show_bug.cgi?id=1224241

Bug ID: 1224241
Summary: VUL-0: CVE-2024-34340: cacti: Authentication Bypass when using older password hashes
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.5
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

https://github.com/cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m

Md5-hashed user input is compared with correct password in database by $md5 == $hash. It is a loose comparison, not ===. It is a type juggling vulnerability.

--
You are receiving this mail because: You are on the CC list for the bug.
Andreas Stieger
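The loose comparison named in the report, shown beside a strict replacement. This is an added example, not code from Cacti or from the advisory; the function names are hypothetical and the two digests are constructed strings, not MD5 outputs of any real input.

```php
<?php
declare(strict_types=1);

// Pattern from the report: hex digests compared with ==.
// When both operands are numeric strings, PHP compares them as numbers,
// so "0e<digits>" is read as 0 * 10^n and every such digest equals every other.
function verify_loose(string $computed, string $stored): bool
{
    return $computed == $stored;
}

// Hardened form: hash_equals() compares the raw bytes in constant time
// and never converts either operand to a number.
function verify_strict(string $computed, string $stored): bool
{
    return hash_equals($stored, $computed);
}

// Audit helper (hypothetical): conservatively flags a stored digest that PHP
// would treat as a numeric string and that == could therefore compare by value.
function is_juggling_prone(string $digest): bool
{
    return is_numeric($digest);
}

// Constructed 32-character values in the shape of an MD5 hex digest.
$stored   = '0e' . str_repeat('1', 30);
$computed = '0e' . str_repeat('2', 30);
$ordinary = 'a3' . str_repeat('f', 30);

printf("strings identical:       %s\n", var_export($stored === $computed, true));
printf("verify_loose:            %s\n", var_export(verify_loose($computed, $stored), true));
printf("verify_strict:           %s\n", var_export(verify_strict($computed, $stored), true));
printf("stored juggling-prone:   %s\n", var_export(is_juggling_prone($stored), true));
printf("ordinary juggling-prone: %s\n", var_export(is_juggling_prone($ordinary), true));
```

The helper can be run over a user table to find legacy hashes that are exposed to the loose comparison before the comparison itself is replaced.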