Description
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
References (4)
Core 4
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9417.php
Patch, Vendor Advisory x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=188359
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102508071021631&w=2
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5090
Scores
EPSS
0.0062
EPSS Percentile
70.2%
Details
Status
published
Products (1)
php/phpsquidpass
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026