An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-05T09:21:27

Updated: 2024-08-04T11:06:09.565Z

Reserved: 2020-03-13T00:00:00

Link: CVE-2020-10539

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-05T14:15:15.373

Modified: 2024-11-21T04:55:32.520

Link: CVE-2020-10539

cve-icon Redhat

No data.