glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka User Masquerading. NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Glfusion | Glfusion | * | 1.1.2 (including) |
Glfusion | Glfusion | 1.0.0 (including) | 1.0.0 (including) |
Glfusion | Glfusion | 1.0.0-rc1 (including) | 1.0.0-rc1 (including) |
Glfusion | Glfusion | 1.0.0-rc2 (including) | 1.0.0-rc2 (including) |
Glfusion | Glfusion | 1.0.1 (including) | 1.0.1 (including) |
Glfusion | Glfusion | 1.0.2 (including) | 1.0.2 (including) |
Glfusion | Glfusion | 1.1.0 (including) | 1.1.0 (including) |
Glfusion | Glfusion | 1.1.0-rc1 (including) | 1.1.0-rc1 (including) |
Glfusion | Glfusion | 1.1.1 (including) | 1.1.1 (including) |