Fluid Attacks Database

Description

phpMyAdmin ReCaptcha bypass libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=4.3.0 <4.3.13.2 \|\| >=4.4.0 <4.4.14.1	4.3.13.2, 4.4.14.1
debian 13	phpmyadmin	>=0 <4:4.4.14.1-1	4:4.4.14.1-1
debian 12	phpmyadmin	>=0 <4:4.4.14.1-1	4:4.4.14.1-1
debian 11	phpmyadmin	>=0 <4:4.4.14.1-1	4:4.4.14.1-1

Aliases

1. CVE-2015-68302. NVD-2015-68303. OSV-2015-68304. OSV-DEBIAN-2015-68305. GCVE-2015-68306. SECURITY-TRACKER-CVE-2015-6830

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d2. https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e3. https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/766744. https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/10335465. https://www.phpmyadmin.net/security/PMASA-2015-46. http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html7. http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html8. http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html9. http://www.debian.org/security/2015/dsa-3382

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.