Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpMyAdmin 安全漏洞
Vulnerability Description
phpMyAdmin中存在安全漏洞,该漏洞源于用户没有在加密cookies时指定‘blowfish_secret’钥匙。攻击者可利用该漏洞设定用户的‘blowfish_secret’钥匙,并解码他们的cookies。以下版本受到影响:phpMyAdmin 4.6.4之前的4.6.x版本,4.4.15.8之前的4.4.x版本,4.0.10.17之前的4.0.x版本。
CVSS Information
N/A
Vulnerability Type
N/A