Info

Disclosure

Jan 07, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

mod_auth_shadow contains a flaw that may allow a malicious user to log in with an expired account. The issue is triggered because mod_auth_shadow doesn't check for account expiration. It is possible that the flaw may allow an attacker to log in with an expired account resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Unknown or Incomplete

Solution

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Brian Duggan	mod_auth_shadow	1.0
		1.1
		1.2
		1.3

References

Secunia Advisory ID: 10612
CVE ID: 2004-0041 (see also: NVD)
Vendor URL: http://sourceforge.net/project/showfiles.php?group_id=11283&package_id=10508

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3454

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Brian Duggan

mod_auth_shadow

References

Credit