Adobe ColdFusion 9.0/9.0.1/9.0.2 Password Authentication weak authentication
A vulnerability classified as critical was found in Adobe ColdFusion 9.0/9.0.1/9.0.2. It affects an unknown function of the Password Authentication component. Manipulation with an unknown input leads to a weak authentication vulnerability. This impacts confidentiality and integrity.
The weakness was released on 09/20/2013 with Immunity as CVE-2010-5290, a confirmed CVE entry (MITRE CVE). The advisory is available for download at cve.mitre.org. The public release happened without the involvement of Adobe. The vulnerability has been uniquely identified as CVE-2010-5290 since 09/20/2013. The attack can be initiated remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
Upgrading to version 10 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (87740).
CVSSv3
Base Score: 6.5
Temp Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
CVSSv2
Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Temp Score: 4.3 (CVSS2#E:U/RL:OF/RC:C)
Exploiting
Class: Weak authentication (CWE-255)
Current Price Estimation: $2k-$5k (0-day) / $0-$1k (Today)
Status: Official fix
0-Day Time: 0 days since found
Upgrade: ColdFusion 10
Timeline
09/20/2013 Advisory disclosed
09/20/2013 +0 days CVE assigned
09/20/2013 +0 days NVD disclosed
09/24/2013 +4 days VulDB entry created
12/18/2015 +815 days VulDB entry updated
CVE: CVE-2010-5290 (mitre.org) (nvd.nist.org) (cvedetails.com)
X-Force: 87740 - Adobe ColdFusion authentication process privilege escalation, High Risk
OSVDB: 97553 - Adobe ColdFusion Password Hash Authentication Configuration File Access Weakness
Entry: 81.3% complete