HTTP: phpBB Authentication Bypass

This signature detects a malicious request to a Web server running the phpBB software. By sending phpBB a request containing a maliciously crafted HTTP cookie, a client can bypass phpBB's authentication restrictions.

Extended Description

phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any known account including the administrator account. The vendor has addressed this issue in phpBB 2.0.13.

Affected Products

Phpbb_group phpbb

Short Name
HTTP:PHP:PHPBB:AUTH-BYPASS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Authentication Bypass CVE-2005-0614 bid:12678 phpBB
Release Date
04/20/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Phpbb_group

Gentoo

CVSS Score

7.5
