Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ikiwiki | Ikiwiki | 1.5 (including) | 1.5 (including) |
| Ikiwiki | Ikiwiki | 1.34 (including) | 1.34 (including) |
| Ikiwiki | Ikiwiki | 1.34.1 (including) | 1.34.1 (including) |
| Ikiwiki | Ikiwiki | 1.34.2 (including) | 1.34.2 (including) |
| Ikiwiki | Ikiwiki | 1.35 (including) | 1.35 (including) |
| Ikiwiki | Ikiwiki | 1.36 (including) | 1.36 (including) |
| Ikiwiki | Ikiwiki | 1.37 (including) | 1.37 (including) |
| Ikiwiki | Ikiwiki | 1.38 (including) | 1.38 (including) |
| Ikiwiki | Ikiwiki | 1.39 (including) | 1.39 (including) |
| Ikiwiki | Ikiwiki | 1.40 (including) | 1.40 (including) |
| Ikiwiki | Ikiwiki | 1.41 (including) | 1.41 (including) |
| Ikiwiki | Ikiwiki | 1.42 (including) | 1.42 (including) |
| Ikiwiki | Ikiwiki | 1.43 (including) | 1.43 (including) |
| Ikiwiki | Ikiwiki | 1.44 (including) | 1.44 (including) |
| Ikiwiki | Ikiwiki | 1.45 (including) | 1.45 (including) |
| Ikiwiki | Ikiwiki | 1.46 (including) | 1.46 (including) |
| Ikiwiki | Ikiwiki | 1.47 (including) | 1.47 (including) |
| Ikiwiki | Ikiwiki | 1.48 (including) | 1.48 (including) |
| Ikiwiki | Ikiwiki | 1.49 (including) | 1.49 (including) |
| Ikiwiki | Ikiwiki | 1.51 (including) | 1.51 (including) |
| Ikiwiki | Ikiwiki | 2.0 (including) | 2.0 (including) |
| Ikiwiki | Ikiwiki | 2.1 (including) | 2.1 (including) |
| Ikiwiki | Ikiwiki | 2.2 (including) | 2.2 (including) |
| Ikiwiki | Ikiwiki | 2.3 (including) | 2.3 (including) |
| Ikiwiki | Ikiwiki | 2.4 (including) | 2.4 (including) |
| Ikiwiki | Ikiwiki | 2.5 (including) | 2.5 (including) |
| Ikiwiki | Ikiwiki | 2.6 (including) | 2.6 (including) |
| Ikiwiki | Ikiwiki | 2.7 (including) | 2.7 (including) |
| Ikiwiki | Ikiwiki | 2.8 (including) | 2.8 (including) |
| Ikiwiki | Ikiwiki | 2.9 (including) | 2.9 (including) |
| Ikiwiki | Ikiwiki | 2.10 (including) | 2.10 (including) |
| Ikiwiki | Ikiwiki | 2.11 (including) | 2.11 (including) |
| Ikiwiki | Ikiwiki | 2.12 (including) | 2.12 (including) |
| Ikiwiki | Ikiwiki | 2.13 (including) | 2.13 (including) |
| Ikiwiki | Ikiwiki | 2.14 (including) | 2.14 (including) |
| Ikiwiki | Ikiwiki | 2.15 (including) | 2.15 (including) |
| Ikiwiki | Ikiwiki | 2.16 (including) | 2.16 (including) |
| Ikiwiki | Ikiwiki | 2.17 (including) | 2.17 (including) |
| Ikiwiki | Ikiwiki | 2.18 (including) | 2.18 (including) |
| Ikiwiki | Ikiwiki | 2.19 (including) | 2.19 (including) |
| Ikiwiki | Ikiwiki | 2.20 (including) | 2.20 (including) |
| Ikiwiki | Ikiwiki | 2.30 (including) | 2.30 (including) |
| Ikiwiki | Ikiwiki | 2.31 (including) | 2.31 (including) |
| Ikiwiki | Ikiwiki | 2.31.1 (including) | 2.31.1 (including) |
| Ikiwiki | Ikiwiki | 2.31.2 (including) | 2.31.2 (including) |
| Ikiwiki | Ikiwiki | 2.31.3 (including) | 2.31.3 (including) |
| Ikiwiki | Ikiwiki | 2.40 (including) | 2.40 (including) |
| Ikiwiki | Ikiwiki | 2.41 (including) | 2.41 (including) |
| Ikiwiki | Ikiwiki | 2.42 (including) | 2.42 (including) |
| Ikiwiki | Ikiwiki | 2.43 (including) | 2.43 (including) |
| Ikiwiki | Ikiwiki | 2.44 (including) | 2.44 (including) |
| Ikiwiki | Ikiwiki | 2.47 (including) | 2.47 (including) |
| Ikiwiki | Ubuntu | feisty | * |
| Ikiwiki | Ubuntu | gutsy | * |
| Ikiwiki | Ubuntu | hardy | * |
| Ikiwiki | Ubuntu | upstream | * |