Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NnJoLXh2MzYtOW1yY81-fg
PEAR::Auth potential authentication bypass vulnerability
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
Permalink: https://github.com/advisories/GHSA-76rh-xv36-9mrcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NnJoLXh2MzYtOW1yY81-fg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 3 months ago
Identifiers: GHSA-76rh-xv36-9mrc, CVE-2006-0868
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-0868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24854
- http://pear.php.net/package/Auth/download/1.2.4
- http://pear.php.net/package/Auth/download/1.3.0r4
- http://www.gentoo.org/security/en/glsa/glsa-200603-13.xml
- https://web.archive.org/web/20060315074736/http://securitytracker.com/alerts/2006/Feb/1015666.html
- https://web.archive.org/web/20060408105851/http://www.securityfocus.com/bid/16758
- https://web.archive.org/web/20201207144810/http://www.securityfocus.com/archive/1/425796/100/0/threaded
- https://github.com/advisories/GHSA-76rh-xv36-9mrc
Affected Packages
packagist:pear/auth
Dependent packages: 0Dependent repositories: 5
Downloads: 4,538 total
Affected Version Ranges: >= 1.3.0r1, < 1.3.0r4, < 1.2.4
Fixed in: 1.3.0r4, 1.2.4
All affected versions: 0.0.3
All unaffected versions: 1.6.4