id: CVE-2005-3344

info:
  name: Horde Groupware Unauthenticated Admin Access
  author: pikpikcu
  severity: critical
  description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2005-3344
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
    - http://www.debian.org/security/2005/dsa-884
    - http://www.securityfocus.com/bid/15337/
  classification:
    cve-id: CVE-2005-3344
  tags: horde,unauth

requests:
  - method: GET
    path:
      - "{{BaseURL}}/horde/admin/user.php"
      - "{{BaseURL}}/admin/user.php"

    headers:
      Content-Type: text/html

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Horde :: User Administration"
        condition: and

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/03/18