Authentication Bypass in Dotclear 2.6.2 and Earlier Versions
CVE-2014-3781

Currently unrated

Key Information:

Vendor

Dotclear

Status
Dotclear
Vendor
CVE Published:
11 June 2014

What is CVE-2014-3781?

The dcXmlRpc::setUser method in the Dotclear application, prior to version 2.6.3, allows remote attackers to circumvent authentication mechanisms. This vulnerability stems from the ability to submit an empty password within XML-RPC requests, potentially enabling unauthorized access to user accounts and sensitive data. Users of affected versions are strongly encouraged to update to version 2.6.3 or later to mitigate these security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/May/107
mailing-listx_refsource_FULLDISC
http://secunia.com/advisories/58675
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.