CVE-2007-4961
Last modified
CVE-2007-4961 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to log in to an account by sniffing the network and then sending this hash to a Second Life authentication server. EPSS estimates a 1.27% chance of exploitation in the next 30 days.
Description
The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to log in to an account by sniffing the network and then sending this hash to a Second Life authentication server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lindenlab | Second Life | All versions |
References
- http://osvdb.org/45947 (Broken Link)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
