CVE-2002-1656

X-News 1.1 - Authentication Bypass via MD5 Password Hash Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1656. PoCs published by bd0rk.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in x-news 1.1, where user credentials are stored in plaintext in a publicly accessible file. The exploit details the path to the file containing usernames, MD5 hashes, and emails.

Description

X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.

Exploits (1)

exploitdb WRITEUP VERIFIED
by bd0rk · textwebappsphp
https://www.exploit-db.com/exploits/3043

This is a writeup describing an information disclosure vulnerability in x-news 1.1, where user credentials are stored in plaintext in a publicly accessible file. The exploit details the path to the file containing usernames, MD5 hashes, and emails.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: x-news 1.1
No auth needed
Prerequisites: Network access to the target server · x-news 1.1 installed with default configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/162723
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1003828
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8465
Various Sources x_refsource_misc
http://www.ifrance.com/kitetoua/tuto/x_holes.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4283

Scores

EPSS 0.0394
EPSS Percentile 89.0%

Details

Status published
Products (2)
xqus/x-news 1.0
xqus/x-news 1.1
Published Dec 31, 2002
Tracked Since Feb 18, 2026