id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. reference: - https://nvd.nist.gov/vuln/detail/CVE-2005-3344 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344 - http://www.debian.org/security/2005/dsa-884 - http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2005-3344 cwe-id: NVD-CWE-Other tags: cve,cve2005,horde,unauth metadata: max-request: 2 http: - method: GET path: - "{{BaseURL}}/horde/admin/user.php" - "{{BaseURL}}/admin/user.php" headers: Content-Type: text/html matchers-condition: and matchers: - type: word words: - "Horde :: User Administration" - type: status status: - 200 # Enhanced by mp on 2022/03/18