Vulnerability Details : CVE-2007-4961
Potential exploit
The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to log in to an account by sniffing the network and then sending this hash to a Second Life authentication server.
Products affected by CVE-2007-4961
- cpe:2.3:a:lindenlab:second_life:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4961
- EPSS score: 0.36% (probability of exploitation activity in the next 30 days)
- Percentile: ~56% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-4961
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | 2024-02-10 |
CWE ids for CVE-2007-4961
- Assigned by: nvd@nist.gov (Primary)
- Assigned by: nvd@nist.gov (Primary)
- The product does not encrypt sensitive or critical information before storage or transmission. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4961
- http://osvdb.org/45947 (Broken Link)
- http://www.gnucitizen.org/blog/ie-pwns-secondlife (IE Pwns SecondLife; Exploit)