Vulnerability Details : CVE-2005-0408
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
Exploit prediction scoring system (EPSS) score for CVE-2005-0408
3.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less