CVE-2000-0689

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2000-08/0291.html	Exploit Vendor Advisory
http://www.securityfocus.com/bid/1604	Exploit Patch Vendor Advisory
http://www.cgiscriptcenter.com/acctlite/
http://www.osvdb.org/13341
https://exchange.xforce.ibmcloud.com/vulnerabilities/5125

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cgi_script_center:account_manager:lite_1.0:::::::*
	cpe:2.3:a:cgi_script_center:account_manager:pro_1.0:::::::*

Information

Published : 2000-10-19 21:00

Updated : 2017-07-10 18:29

NVD link : CVE-2000-0689

Mitre link : CVE-2000-0689

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cgi_script_center

account_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0291.html", "name": "20000823 Account Manager CGI Vulnerability", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/1604", "name": "1604", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.cgiscriptcenter.com/acctlite/", "name": "http://www.cgiscriptcenter.com/acctlite/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/13341", "name": "13341", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5125", "name": "account-manager-overwrite-password(5125)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2000-0689", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2000-10-20T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cgi_script_center:account_manager:lite_1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cgi_script_center:account_manager:pro_1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}

7.5 /10