CVE-2008-0169
EPSS 0.47%
Description
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
How to fix CVE-2008-0169
To remediate CVE-2008-0169, upgrade the affected package to a fixed version below.
- Debian/ikiwiki—upgrade to 2.48 or later
Is CVE-2008-0169 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.48