CVE Vulnerabilities

CVE-2008-0410

Improper Authentication

Published: Jan 29, 2008 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Http_file_server Hfs * 2.2b

Potential Mitigations

References