An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.x41-dsec.de/lab/advisories/x41-2020-003-epikur |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-05T09:21:27
Updated: 2024-08-04T11:06:09.565Z
Reserved: 2020-03-13T00:00:00
Link: CVE-2020-10539
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-05T14:15:15.373
Modified: 2024-11-21T04:55:32.520
Link: CVE-2020-10539
Redhat
No data.