CVE-2015-6830
phpMyAdmin ReCaptcha bypass
EPSS 21.2%
Description
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
How to fix CVE-2015-6830
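To remediate CVE-2015-6830, upgrade the affected package to a fixed version below. Per the description above, the 4.4.x branch is fixed only in 4.4.14.1, so installs on 4.4.x need 4.4.14.1 or later.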
- Debian/phpmyadmin—upgrade to 4:4.4.14.1-1 or later
- Packagist/phpmyadmin/phpmyadmin—upgrade to 4.3.13.2 or later
Is CVE-2015-6830 being exploited?
Moderate — EPSS is 21.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/phpmyadmin: from 0, < 4:4.4.14.1-1
- Packagist/phpmyadmin/phpmyadmin: >= 4.3.0, < 4.3.13.2