CVE Vulnerabilities

CVE-2007-4419

Improper Authentication

Published: Aug 18, 2007 | Modified: Oct 15, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
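
The cookie design described above, set beside a random, server-verified auto-login token, as an added example that is not Olate Download's code. The concatenation order in the weak function, the function names and the in-memory `$store` array are assumptions made for illustration.

```php
<?php
// Added example, not Olate Download code. Names and field order are assumptions.

// Weak pattern (as the advisory describes): the cookie is an unkeyed MD5 of
// account attributes, so it is the same on every login and contains no secret.
function weak_autologin_token(string $username, int $userId, int $groupId): string
{
    return md5($username . $userId . $groupId); // assumed concatenation order
}

// Hardened pattern: a random selector/validator pair. Only a SHA-256 hash of
// the validator is kept server-side, together with an expiry time.
function issue_autologin_token(array &$store, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator; // value to place in the cookie
}

// Returns the user id for a valid cookie, or null. Tokens are single-use: the
// record is deleted on every lookup, so the caller issues a fresh one on success.
function verify_autologin_token(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $record = $store[$parts[0]];
    unset($store[$parts[0]]); // never accept the same selector twice
    if ($record['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented validator.
    $ok = hash_equals($record['hash'], hash('sha256', $parts[1]));
    return $ok ? $record['user_id'] : null;
}

// Constructed demo values; $store stands in for a database table.
$store = [];
var_dump(weak_autologin_token('admin', 1, 1) === weak_autologin_token('admin', 1, 1));
$cookie = issue_autologin_token($store, 1);
var_dump(verify_autologin_token($store, $cookie)); // first presentation
var_dump(verify_autologin_token($store, $cookie)); // replay of the same cookie
```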

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name | Vendor | Start Version | End Version
Olatedownload | Olate | 3.4.1 (including) | 3.4.1 (including)

Potential Mitigations

References