Security Database IT Watching - Alert Detail

INFORMATION

Name	:	CVE-2008-5158	First Publication	:	2008-11-18
Severity	:	High	Last Modification	:	2009-01-29

SCORING CVSS v2

Cvss Base Score	:	7.5	Attack Range	:	Network
Cvss Impact Score	:	6.4	Attack Complexity	:	Low
Cvss Expoit Score	:	10	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."

CWE COMMON WEAKNESS ENUMERATION

CWE-287 - Improper Authentication

CPE COMMON PLATFORM ENUMERATION

Application : Clientsoftware Wincome mpd total
- cpe:/a:clientsoftware:wincome_mpd_total:3.0.2.623

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

42862 : Client Software WinComLPD Total Administration Authentication Bypass.

SECONDARY(S) SOURCE(S)

Source : BID
Url : http://www.securityfocus.com/bid/27614

Source : BUGTRAQ
Url : http://www.securityfocus.com/archive/1/archive/1/487507/100/200/threaded

Source : MISC
Url : http://aluigi.org/adv/wincomalpd-adv.txt
Url : http://aluigi.org/poc/wincomalpd.zip

Source : SECUNIA
Url : http://secunia.com/advisories/28763

Source : SREASON
Url : http://securityreason.com/securityalert/4610

Source : VUPEN
Url : http://www.frsirt.com/english/advisories/2008/0410