CVE-2014-3445
CRITICAL
HandsomeWeb SOS Webpages < 1.1.12 - Unauthenticated Backup Hash Disclosure
Title source: llm
Description
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
References (5)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html
Third Party Advisory x_refsource_misc
http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2014/May/130
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/67644
Exploit, Third Party Advisory x_refsource_misc
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/
Scores
CVSS v3
9.8
EPSS
0.0534
EPSS Percentile
91.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
handsomeweb/sos_webpages
< 1.1.12
Published
Jan 28, 2020
Tracked Since
Feb 18, 2026