Authentication Bypass in HandsomeWeb SOS Webpages before 1.1.12


CVE-2014-3445 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
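
The class of flaw described above, as an added PHP illustration that is not the SOS Webpages source: a check that compares the client-supplied value against the stored hash turns the hash itself into a credential, while a check that verifies submitted cleartext against the hash does not. The function names and the sample password are constructed for this example.

```php
<?php
// Added illustration only: this is NOT code from SOS Webpages.
// Function names and the sample password are constructed.

// Constructed stored credential, as it would sit in the application's storage.
$storedHash = password_hash('correct horse battery', PASSWORD_DEFAULT);

// Flawed pattern: the request value is compared with the stored hash
// directly, so anyone who learns the hash can authenticate with it.
function check_flawed(string $supplied, string $storedHash): bool
{
    return hash_equals($storedHash, $supplied);
}

// Corrected pattern: the request value is treated as cleartext and verified
// against the stored hash, so the hash alone is not enough to log in.
function check_fixed(string $supplied, string $storedHash): bool
{
    return password_verify($supplied, $storedHash);
}

// Constructed inputs: the real password, a leaked copy of the hash, a guess.
$cases = [
    'cleartext password' => 'correct horse battery',
    'leaked hash'        => $storedHash,
    'wrong password'     => 'guess',
];

foreach ($cases as $label => $input) {
    printf(
        "%-20s flawed=%-5s fixed=%s\n",
        $label,
        var_export(check_flawed($input, $storedHash), true),
        var_export(check_fixed($input, $storedHash), true)
    );
}
```

Only the flawed check accepts the leaked hash; the corrected check accepts nothing but the cleartext password.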
