CVE-2014-3445

CRITICAL

Handsomeweb Sos Webpages - Insufficiently Protected Credentials

Title source: rule

Description

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2014/May/130

[Third Party Advisory] http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67644

[Exploit, Third Party Advisory] https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/

Scores

CVSS v3 9.8

EPSS 0.0439

EPSS Percentile 88.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

handsomeweb/sos_webpages < 1.1.12

Timeline

Published Jan 28, 2020

Tracked Since Feb 18, 2026