CVE-2006-2636

newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to xY1zZoPQ.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Newscmslite	Katy_whitton	*	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://secunia.com/advisories/20294
http://securityreason.com/securityalert/974
http://www.bugreport.ir/index_62.htm
http://www.kapda.ir/advisory-332.html
http://www.securityfocus.com/archive/1/435019/100/0/threaded
http://www.securityfocus.com/archive/1/500407/100/0/threaded
http://www.vupen.com/english/advisories/2006/1993
https://exchange.xforce.ibmcloud.com/vulnerabilities/26698
http://secunia.com/advisories/20294
http://securityreason.com/securityalert/974
http://www.bugreport.ir/index_62.htm
http://www.kapda.ir/advisory-332.html
http://www.securityfocus.com/archive/1/435019/100/0/threaded
http://www.securityfocus.com/archive/1/500407/100/0/threaded
http://www.vupen.com/english/advisories/2006/1993
https://exchange.xforce.ibmcloud.com/vulnerabilities/26698

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2636
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References