CVE-2014-8347

HIGH

Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04 - Authentication Bypass via MatchPasswordData Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8347. PoCs published by Giuseppe D'Amore.

AI-analyzed exploit summary The advisory describes an authentication bypass and privilege escalation vulnerability in FileMaker Pro due to a flaw in the MatchPasswordData function, where modifying a single bit (AL register) can bypass authentication and grant admin privileges.

Description

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.

Exploits (1)

exploitdb WRITEUP

by Giuseppe D'Amore · textlocalwindows

https://www.exploit-db.com/exploits/35077

View Code ZIP pw:eip

The advisory describes an authentication bypass and privilege escalation vulnerability in FileMaker Pro due to a flaw in the MatchPasswordData function, where modifying a single bit (AL register) can bypass authentication and grant admin privileges.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: FileMaker Pro 13.0v3 - FileMaker Pro Advanced 12.0v4

No auth needed

Prerequisites: Local access to the system running FileMaker Pro

MITRE ATT&CK

T1550.001 - Application Access Token

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/35077

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/97780

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.securityfocus.com/archive/1/533814

Exploit, Third Party Advisory x_refsource_misc

https://lists.openwall.net/bugtraq/2014/10/27/4

Scores

CVSS v3 7.8

EPSS 0.0135

EPSS Percentile 68.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (2)

claris/filemaker_pro 13.03

claris/filemaker_pro_advanced 12.0.4.0

Published Feb 11, 2020

Tracked Since Feb 18, 2026