
CVE-2018-10362

Improper Authentication

Published: Apr 25, 2018 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 5 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Ubuntu priority: HIGH

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Because classes/Authorization.php compares the user-provided login password with the loose == operator instead of the strict === operator, it is possible to log in with a simpler password if the configured password has the form of a power in scientific notation (such as 2e2 for 200 or 0e1234 for 0). In a loose comparison PHP interprets such a string as a number in scientific notation and converts it to a number; the == comparison then casts the user input (for example the string 200 or 0) to a number as well. Hence an attacker can log in with just a 0, or with a simple number that can be brute-forced. Strict comparison with === prevents the cast to numbers.
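The following PHP snippet is an added illustration of the comparison flaw described above; it is not phpLiteAdmin's code, and the stored password values in it are constructed. It places the loose == check beside the strict === check and a password_verify() check, so a reviewer can see which one accepts a submitted "0" against a configured password such as "0e1234".

```php
<?php
// Added illustration for CVE-2018-10362 (not phpLiteAdmin's code).
// Stored password values below are constructed for the demonstration.

// Vulnerable pattern: loose comparison. When both operands are numeric
// strings, PHP compares them as numbers, so "0e1234" == "0" and
// "2e2" == "200" are both true (PHP 7 and PHP 8 behave the same here).
function looseLogin(string $storedPassword, string $submitted): bool
{
    return $submitted == $storedPassword;
}

// Hardened pattern: strict comparison keeps both operands as strings,
// so "0e1234" === "0" is false.
function strictLogin(string $storedPassword, string $submitted): bool
{
    return $submitted === $storedPassword;
}

// Preferable in practice: store only a password hash and verify it.
// password_verify() is strict and constant-time; the hash would normally
// be computed once at setup, not on every request as done here for brevity.
function hashedLogin(string $storedHash, string $submitted): bool
{
    return password_verify($submitted, $storedHash);
}

$cases = [
    // [configured password, submitted value]
    ['0e1234', '0'],      // both numeric strings: 0.0 == 0 under ==
    ['2e2',    '200'],    // 2e2 is 200 under ==
    ['0e1234', '0e1234'], // the real password is accepted by every check
    ['s3cret', '0'],      // non-numeric stored password: plain string compare
];

foreach ($cases as [$stored, $submitted]) {
    printf(
        "stored=%-8s submitted=%-8s loose=%s strict=%s hashed=%s\n",
        $stored,
        $submitted,
        looseLogin($stored, $submitted) ? 'ACCEPT' : 'reject',
        strictLogin($stored, $submitted) ? 'ACCEPT' : 'reject',
        hashedLogin(password_hash($stored, PASSWORD_DEFAULT), $submitted) ? 'ACCEPT' : 'reject'
    );
}
```

Run it with `php demo.php`. Only the loose column accepts "0" or "200" for the first two cases; the strict and hashed columns accept nothing but the exact configured password. Because PHP 8 still compares two numeric strings numerically, upgrading PHP does not fix this class of bug; the remedy is the === comparison (or, better, a hashed credential checked with password_verify()).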

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name          Vendor        Start Version      End Version
Phpliteadmin  Phpliteadmin  1.9.5 (including)  1.9.7.1 (including)
Phpliteadmin  Ubuntu        bionic             *
Phpliteadmin  Ubuntu        upstream           *

Potential Mitigations

References