Candidate: CVE-2018-10362
PublicDate: 2018-04-25 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10362
 https://github.com/phpLiteAdmin/pla/issues/11
 http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html
Description:
 An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose
 comparison with '==' instead of '===' in classes/Authorization.php for the
 user-provided login password, it is possible to login with a simpler
 password if the password has the form of a power in scientific notation
 (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in
 the loose comparison case, PHP interprets the string as a number in
 scientific notation, and thus converts it to a number. After that, the
 comparison with '==' casts the user input (e.g., the string '200' or '0')
 to a number, too. Hence the attacker can login with just a '0' or a simple
 number he has to brute force. Strong comparison with '===' prevents the
 cast into numbers.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896682
 https://bugs.launchpad.net/bugs/1767723
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_phpliteadmin:
upstream_phpliteadmin: needed
precise/esm_phpliteadmin: DNE
trusty_phpliteadmin: DNE
trusty/esm_phpliteadmin: DNE
xenial_phpliteadmin: DNE
artful_phpliteadmin: DNE
bionic_phpliteadmin: released (1.9.7.1-1ubuntu0.1)
devel_phpliteadmin: not-affected (1.9.7.1-1ubuntu0.1)