id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. remediation: | Apply the latest security patches or upgrade to a patched version of Horde Groupware to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2005-3344 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344 - http://www.debian.org/security/2005/dsa-884 - http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html - https://exchange.xforce.ibmcloud.com/vulnerabilities/24576 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2005-3344 cwe-id: NVD-CWE-Other epss-score: 0.02158 epss-percentile: 0.88118 cpe: cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:* metadata: max-request: 2 vendor: horde product: horde tags: cve,cve2005,horde,unauth http: - method: GET path: - "{{BaseURL}}/horde/admin/user.php" - "{{BaseURL}}/admin/user.php" headers: Content-Type: text/html matchers-condition: and matchers: - type: word words: - "