Bug 1437828 (CVE-2017-18264) - CVE-2017-18264 phpMyAdmin: Bypass $cfg['Servers'][$i]['AllowNoPassword']
Summary: CVE-2017-18264 phpMyAdmin: Bypass $cfg['Servers'][$i]['AllowNoPassword']
Keywords:
Status: NEW
Alias: CVE-2017-18264
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170328,repor...
Depends On: 1437829 1437830 1437831 1437832
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-31 09:24 UTC by Martin Prpič
Modified: 2019-08-26 14:41 UTC (History)
12 users (show)

Fixed In Version: phpMyAdmin 4.0.10.20, phpMyAdmin 4.7.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Martin Prpič 2017-03-31 09:24:42 UTC
A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default).
This behavior depends on the PHP version used (it seems PHP 5 is affected, while PHP 7.0 is not).

Mitigation:

Set a password for all users.

Affected versions:

Version 4.0 prior to 4.0.10.20
Version 4.4 (no longer supported)
Version 4.6 (no longer supported)
Version 4.7.0-beta1 and 4.7.0-rc1

Upstream patches:

https://github.com/phpmyadmin/phpmyadmin
https://github.com/phpmyadmin/phpmyadmin/commit/b6ca92cc75c8a16001425be7881e73430bcc35b8
https://github.com/phpmyadmin/phpmyadmin/commit/7232271a379396ca1d4b083af051262057003c41

External References:

https://www.phpmyadmin.net/security/PMASA-2017-8/

Comment 2 Martin Prpič 2017-03-31 09:26:38 UTC
Created phpMyAdmin tracking bugs for this issue:

Affects: fedora-all [bug 1437829]
Affects: epel-all [bug 1437830]

Comment 3 Martin Prpič 2017-03-31 09:26:47 UTC
Created phpMyAdmin4 tracking bugs for this issue:

Affects: epel-5 [bug 1437831]


Note You need to log in before you can comment on or make changes to this bug.