CVE-2018-10362: Authentication bypass
Bug #1767723 reported by
Nicholas Guriev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
phpliteadmin (Ubuntu) |
Fix Released
|
Undecided
|
Steve Beattie |
Bug Description
Steps to reproduce:
1. Set the '0e1234567890' string as password in the /etc/phpliteadm
2. Enter '0' at the login form at http://
Expected behaviour:
1. The message 'Invalid password' will be shown.
Real behaviour:
1. You'll get logged in successfully.
Package version: 1.9.7.1-1
CVE References
Changed in phpliteadmin (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Steve Beattie (sbeattie) |
To post a comment you must log in.
Thanks, this looks good. I tweaked the launchpad bug ref ever so slightly on the changelog. I will publish momentarily.