CVE-2014-9578

VDG Security SENSE <2.3.13 - Auth Bypass

Title source: llm

Description

VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash.

References (3)

[Exploit] http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html

[Exploit] http://seclists.org/fulldisclosure/2014/Dec/76

[Exploit] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt

Scores

EPSS 0.0049

EPSS Percentile 65.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

vdgsecurity/vdg_sense

Timeline

Published Jan 08, 2015

Tracked Since Feb 18, 2026