CVE Vulnerability

CVE-2007-4609

eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

Scope

References
Link Resource
http://securityreason.com/securityalert/3081
http://osvdb.org/45836
http://www.securityfocus.com/archive/1/477866/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:eyeos_project:eyeos:*:*:*:*:*:*:*:*
Information

Published : 2007-08-31 12:17

Updated : 2018-10-15 09:36

NVD link : CVE-2007-4609

Mitre link : CVE-2007-4609

Products Affected
No products.
CWE
CWE-264