Use of a Broken or Risky Cryptographic Algorithm

CVE-2018-10084

High

8.8/10

Summary

CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

Advisory Timeline

Published Apr 13, 2018

Use of a Broken or Risky Cryptographic Algorithm

CVE-2018-10084

Summary

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS