CVE-2014-9578

VDG Security SENSE <2.3.13 - Auth Bypass

Title source: llm

Description

VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash.

References (3)

Core 3

Core References

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Dec/76

Exploit x_refsource_misc

http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html

Exploit x_refsource_misc

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt

Scores

EPSS 0.0222

EPSS Percentile 80.5%

Details

CWE

CWE-287

Status published

Products (1)

vdgsecurity/vdg_sense 2.3.13

Published Jan 08, 2015

Tracked Since Feb 18, 2026