Password Modification Flaw in Cobalt RaQ2 Server by Cobalt Networks
CVE-2000-0117

Currently unrated

Key Information:

Vendor: Oracle
Status: Cobalt Raq 3i; Cobalt Raq 2; Cobalt Raq
Vendor: CVE Published:; 30 January 2000

Summary

The Cobalt RaQ2 server is vulnerable due to the siteUserMod.cgi program, which allows Site Administrators to alter passwords for other users, including potentially gaining access to admin (root) accounts. This flaw creates a significant risk as it undermines user access controls. Administrators need to be cautious and secure their environments to prevent unauthorized modifications by privileged accounts.

References

http://www.securityfocus.com/bid/951

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Feb 8, 2000
Vulnerability published
Jan 30, 2000