CVE-2007-4609

Published Aug 31, 2007

Last updated 6 years ago

Overview

Description: eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:eyeos_project:eyeos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B91A5AC-C5FB-4F76-BEF1-6C537C894CF9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References