Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2006-3204

Published: Jun 24, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2006-3204
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.

Affected Software

Name Vendor Start Version End Version
Ultimate_php_board Ultimate_php_board 1.8 (including) 1.8 (including)
Ultimate_php_board Ultimate_php_board 1.8.2 (including) 1.8.2 (including)
Ultimate_php_board Ultimate_php_board 1.9 (including) 1.9 (including)
Ultimate_php_board Ultimate_php_board 1.9.6 (including) 1.9.6 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use