{"vuid":"VU#186131","idnumber":"186131","name":"Blahz-DNS does not properly authenticate users before granting access to various configuration pages","keywords":["Blahz-DNS","poor authentication","configuration page","login.php"],"overview":"Blahz-DNS does not properly authenticate users.","clean_desc":"Blahz-DNS does not properly authenticate users. As a result, an attacker can gain access to various configuration pages. For more detailed information, please see the ppp-design advisory.","impact":"An attacker can gain access to various configuration pages and make modifications to DNS information.","resolution":"Upgrade to version to .25.","workarounds":"","sysaffected":"","thanks":"Thanks to ppp-design for reporting this vulnerability.","author":"This document was written by Ian A. Finlay.","public":["http://blahzdns.sourceforge.net","http://www.ppp-design.de/advisories.php","http://www.securityfocus.com/bid/4618","http://www.iss.net/security_center/static/8951.php","http://sourceforge.net/project/shownotes.php?release_id=87004","http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html"],"cveids":["CVE-2002-0599"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-04-29T19:30:12Z","publicdate":"2002-04-29T00:00:00Z","datefirstpublished":"2003-03-21T15:14:25Z","dateupdated":"2003-03-21T15:14:29Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"19","cam_population":"3","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"16.5375","cam_scorecurrentwidelyknown":"16.5375","cam_scorecurrentwidelyknownexploited":"19.9125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":16.5375,"vulnote":null}