Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WoW Raid Manager 'auth/auth_phpbb3.php'信任管理漏洞
Vulnerability Description
当使用PHPBB3身份认证时,WoW Raid Manager补丁1之前的3.5.1版本中的auth/auth_phpbb3.php里的密码-确认函数,没有调用带有需要的自变量的确认密码函数,这会经常触发身份认证失败;并且在身份认证失败时,返回真实的而非错误的,这使得远程攻击者可以借助一个任意密码,绕过身份认证和获得特权。
CVSS Information
N/A
Vulnerability Type
N/A