CVE-2008-0169

EUVD-2008-0181
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
ikiwikiikiwiki
1.5
ikiwikiikiwiki
1.34
ikiwikiikiwiki
1.34.1
ikiwikiikiwiki
1.34.2
ikiwikiikiwiki
1.35
ikiwikiikiwiki
1.36
ikiwikiikiwiki
1.37
ikiwikiikiwiki
1.38
ikiwikiikiwiki
1.39
ikiwikiikiwiki
1.40
ikiwikiikiwiki
1.41
ikiwikiikiwiki
1.42
ikiwikiikiwiki
1.43
ikiwikiikiwiki
1.44
ikiwikiikiwiki
1.45
ikiwikiikiwiki
1.46
ikiwikiikiwiki
1.47
ikiwikiikiwiki
1.48
ikiwikiikiwiki
1.49
ikiwikiikiwiki
1.51
ikiwikiikiwiki
2.0
ikiwikiikiwiki
2.1
ikiwikiikiwiki
2.2
ikiwikiikiwiki
2.3
ikiwikiikiwiki
2.4
ikiwikiikiwiki
2.5
ikiwikiikiwiki
2.6
ikiwikiikiwiki
2.7
ikiwikiikiwiki
2.8
ikiwikiikiwiki
2.9
ikiwikiikiwiki
2.10
ikiwikiikiwiki
2.11
ikiwikiikiwiki
2.12
ikiwikiikiwiki
2.13
ikiwikiikiwiki
2.14
ikiwikiikiwiki
2.15
ikiwikiikiwiki
2.16
ikiwikiikiwiki
2.17
ikiwikiikiwiki
2.18
ikiwikiikiwiki
2.19
ikiwikiikiwiki
2.20
ikiwikiikiwiki
2.30
ikiwikiikiwiki
2.31
ikiwikiikiwiki
2.31.1
ikiwikiikiwiki
2.31.2
ikiwikiikiwiki
2.31.3
ikiwikiikiwiki
2.40
ikiwikiikiwiki
2.41
ikiwikiikiwiki
2.42
ikiwikiikiwiki
2.43
ikiwikiikiwiki
2.44
ikiwikiikiwiki
2.47
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ikiwiki
bookworm
3.20200202.3-1
fixed
bullseye
3.20200202.3-1
fixed
etch
not-affected
sid
3.20200202.4-2.1
fixed
trixie
3.20200202.4-2.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ikiwiki
dapper
dne
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770
http://ikiwiki.info/news/version_2.48/index.html
http://ikiwiki.info/security/#index33h2
http://secunia.com/advisories/30468
http://www.openwall.com/lists/oss-security/2008/05/31/3
http://www.securityfocus.com/bid/29479
http://www.vupen.com/english/advisories/2008/1710
https://exchange.xforce.ibmcloud.com/vulnerabilities/42798
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770
http://ikiwiki.info/news/version_2.48/index.html
http://ikiwiki.info/security/#index33h2
http://secunia.com/advisories/30468
http://www.openwall.com/lists/oss-security/2008/05/31/3
http://www.securityfocus.com/bid/29479
http://www.vupen.com/english/advisories/2008/1710
https://exchange.xforce.ibmcloud.com/vulnerabilities/42798