CVE-2018-10362: Authentication bypass

Bug #1767723 reported by Nicholas Guriev
Affects: phpliteadmin (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Steve Beattie

Bug Description

Steps to reproduce:

 1. Set the '0e1234567890' string as password in the /etc/phpliteadmin.config.php file.
 2. Enter '0' at the login form at http://localhost/phpliteadmin/phpliteadmin.php

Expected behaviour:

 1. The message 'Invalid password' will be shown.

Real behaviour:

 1. You'll get logged in successfully.

Package version: 1.9.7.1-1

Nicholas Guriev (mymedia) wrote:
information type: Private Security → Public Security
Steve Beattie (sbeattie)
Changed in phpliteadmin (Ubuntu):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote:

Thanks, this looks good. I tweaked the Launchpad bug ref ever so slightly on the changelog. I will publish momentarily.

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package phpliteadmin - 1.9.7.1-1ubuntu0.1

---------------
phpliteadmin (1.9.7.1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: authentication bypass (LP: #1767723)
    - debian/patches/Fix-authentication-bypass.patch:
      replace == with === in password comparison in
      classes/Authorization.php. Based on upstream commit
    - CVE-2018-10362

 -- Nicholas Guriev <email address hidden> Sat, 28 Apr 2018 00:14:25 +0300

Changed in phpliteadmin (Ubuntu):
status: In Progress → Fix Released
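The comparison behind the reproduction steps above and the `==` to `===` change from the changelog, as an added PHP example that is not phpLiteAdmin's own code; the function names and the `hash_equals()` variant are mine, and the two values come from the bug report:

```php
<?php
// Added example, not phpLiteAdmin's code. Reproduces the comparison at the heart of
// CVE-2018-10362 using the two values from the bug report's steps.
$configuredPassword = '0e1234567890'; // value set in phpliteadmin.config.php (from the report)
$submittedPassword  = '0';            // value typed into the login form (from the report)

// Before the patch: loose comparison. Both operands are numeric strings
// ('0e1234567890' is a float literal, 0 x 10^1234567890, which is 0), so PHP
// compares them as numbers rather than as text, and 0 equals 0. This applies in
// PHP 7 and PHP 8 alike: PHP 8 only changed comparisons involving non-numeric strings.
function isValidPasswordLoose(string $configured, string $submitted): bool
{
    return $configured == $submitted;
}

// After the patch: strict comparison. Same type and same bytes are required, so
// type juggling cannot make two different strings compare equal.
function isValidPasswordStrict(string $configured, string $submitted): bool
{
    return $configured === $submitted;
}

// Hardened variant (my addition, not part of the patch): hash_equals() is strict
// and also runs in constant time, so the comparison does not leak how much of the
// submitted value matched. Assumes the configured value is a plain string, as here.
function isValidPasswordConstantTime(string $configured, string $submitted): bool
{
    return hash_equals($configured, $submitted);
}

// The wrong value from the report must be rejected; the real password must still pass.
foreach ([$submittedPassword, $configuredPassword] as $attempt) {
    printf(
        "%-16s loose=%s strict=%s constant_time=%s\n",
        var_export($attempt, true),
        var_export(isValidPasswordLoose($configuredPassword, $attempt), true),
        var_export(isValidPasswordStrict($configuredPassword, $attempt), true),
        var_export(isValidPasswordConstantTime($configuredPassword, $attempt), true)
    );
}
```

Any configured password that PHP parses as a numeric string is exposed to the same loose-comparison problem, so the strict check is the correct fix regardless of the specific value chosen.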