CVE-2017-0356
CRITICALikiwiki < 3.20170111 - Authentication Bypass via Repeated Parameters
Title source: llmDescription
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-3760
Vendor Advisory x_refsource_confirm
https://ikiwiki.info/security/#cve-2017-0356
Exploit, Third Party Advisory mailing-list
x_refsource_mlist
https://marc.info/?l=oss-security&m=148418234314276&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95420
Scores
CVSS v3
9.8
EPSS
0.0346
EPSS Percentile
87.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (3)
debian/debian_linux
7.0
debian/debian_linux
8.0
ikiwiki/ikiwiki
< 3.20170111
Published
Apr 13, 2018
Tracked Since
Feb 18, 2026