CVE-2010-1040

OpenPNE - Auth Bypass

Title source: llm

Description

The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.

References (5)

[Various Sources] http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html

[Third Party Advisory] http://jvn.jp/en/jp/JVN06874657/index.html

[Third Party Advisory] http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html

[Vendor Advisory] http://secunia.com/advisories/38857

[Vendor Advisory] http://www.openpne.jp/archives/4612/

Scores

EPSS 0.0024

EPSS Percentile 47.1%

Classification

CWE

CWE-287

Status draft

Affected Products (50)

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

tejimaya/openpne

... and 35 more

Timeline

Published Mar 23, 2010

Tracked Since Feb 18, 2026