CVE Vulnerabilities

CVE-2014-3781

Improper Authentication

Published: Jun 11, 2014 | Modified: Jun 12, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Dotclear Dotclear * 2.6.2
Dotclear Dotclear 2.6 2.6
Dotclear Dotclear 2.6.1 2.6.1
Dotclear Dotclear 2.6 2.6

Potential Mitigations

References