CVE Vulnerabilities

CVE-2014-3781

Improper Authentication

Published: Jun 11, 2014 | Modified: Jun 12, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Dotclear Dotclear * 2.6.2 (including)
Dotclear Dotclear 2.6 (including) 2.6 (including)
Dotclear Dotclear 2.6-rc (including) 2.6-rc (including)
Dotclear Dotclear 2.6.1 (including) 2.6.1 (including)
Dotclear Ubuntu precise *
Dotclear Ubuntu saucy *
Dotclear Ubuntu trusty *
Dotclear Ubuntu upstream *
Dotclear Ubuntu utopic *
Dotclear Ubuntu vivid *
Dotclear Ubuntu wily *

Potential Mitigations

References