CVE-2011-1560

Severity

93%

Complexity

86%

Confidentiality

165%

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

IBM solidDB

First reported 13 years ago

2011-04-05 15:19:00

Last updated 7 years ago

2017-08-17 01:34:00

Affected Software

IBM solidDB 4.5.167

4.5.167

IBM solidDB 4.5.168

4.5.168

IBM solidDB 4.5.169

4.5.169

IBM solidDB 4.5.173

4.5.173

IBM solidDB 4.5.175

4.5.175

IBM solidDB 4.5.176

4.5.176

IBM solidDB 4.5.178

4.5.178

IBM solidDB 6.0.1060

6.0.1060

IBM solidDB 6.0.1061

6.0.1061

IBM solidDB 6.0.1064

6.0.1064

IBM solidDB 6.0.1065

6.0.1065

IBM solidDB 6.0.1066

6.0.1066

IBM solidDB 6.1

6.1

IBM solidDB 6.1.20

6.1.20

IBM solidDB 6.3.33 (6.3 Fix Pack 2)

6.3.33

IBM solidDB 6.3.37 (6.3 Fix Pack 3)

6.3.37

IBM solidDB 6.3.38

6.3.38

IBM solidDB 6.5.0.0

6.5.0.0

IBM solidDB 6.5.0.1 (Fix Pack 1)

6.5.0.1

IBM solidDB 6.5.0.2 (Fix Pack 2)

6.5.0.2

IBM solidDB 6.30.0039 (6.3 Fix Pack 4)

6.30.0039

IBM solidDB 6.30.0040 (6.3 Fix Pack 5)

6.30.0040

IBM solidDB 6.30.0044 (6.3 Fix Pack 6)

6.30.0044

References

71494

44030

http://www.ibm.com/support/docview.wss?uid=swg21474552

Vendor Advisory

ADV-2011-0854

http://www.zerodayinitiative.com/advisories/ZDI-11-115/

soliddb-auth-bypass(66455)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.