CVE-2020-10539
CRITICALepikur < 20.1.1 - Unauthenticated Backdoor Password Bypass via Hardcoded MD5 Hash
Title source: llmDescription
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2020-003-epikur
Scores
CVSS v3
9.8
EPSS
0.0146
EPSS Percentile
70.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
epikur/epikur
< 20.1.1
Published
Feb 05, 2021
Tracked Since
Feb 18, 2026