CVE-2004-1647
Description
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:a:web_animations:password_protect:*:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization in ASP scripts allows SQL injection via user-supplied parameters."
Attack vector
An unauthenticated remote attacker sends crafted HTTP GET requests to the affected ASP scripts with SQL injection payloads in the vulnerable parameters [ref_id=1]. For example, supplying a SQL injection string in the admin or Pass parameter of index_next.asp can bypass authentication and log the attacker in as admin. The same technique in CPassChangePassword.asp, users_edit.asp, or users_add.asp allows arbitrary SQL statement execution against the backend database [ref_id=1].
Affected code
The advisory identifies multiple ASP scripts as vulnerable: index_next.asp (admin and Pass parameters), CPassChangePassword.asp (LoginId, OPass, NPass parameters), users_edit.asp, and users_add.asp [ref_id=1]. All are part of the Password Protect application by Web Animations.
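One way to look for the requests described above in web server logs, added here as an example and not taken from the advisory or the vendor: the function scans IIS W3C extended log lines for requests to the four listed scripts whose parameters carry SQL metacharacters or keywords. The use of IIS logging, the `/pp/` path, the sample log lines, and the keyword heuristic are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl

# Scripts and parameters named in the CVE description. The description names no
# parameters for users_edit.asp / users_add.asp, so every parameter is inspected.
WATCHED = {
    "index_next.asp": {"admin", "pass"},
    "cpasschangepassword.asp": {"loginid", "opass", "npass"},
    "users_edit.asp": None,
    "users_add.asp": None,
}
# Heuristic (assumption): quotes, comment markers and SQL keywords in a field value.
# Legitimate values containing an apostrophe will also match, so treat hits as leads.
SUSPICIOUS = re.compile(r"'|--|;|/\*|\b(or|and|union|select|insert|update|delete|drop)\b", re.I)

def scan(lines):
    """Return (client_ip, script, parameter) for each suspicious request."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order comes from the log itself
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        script = row.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        query = row.get("cs-uri-query", "-")
        if script not in WATCHED or query == "-":
            continue
        watched = WATCHED[script]
        for name, value in parse_qsl(query, keep_blank_values=True):  # URL-decodes
            if (watched is None or name.lower() in watched) and SUSPICIOUS.search(value):
                hits.append((row.get("c-ip", "?"), script, name))
    return hits

# Constructed sample log (documentation IP ranges, hypothetical /pp/ install path).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-09-01 10:00:01 192.0.2.10 GET /pp/index_next.asp admin=alice&Pass=Spring2004 200
2004-09-01 10:00:07 198.51.100.7 GET /pp/index_next.asp admin=%27+or+%271%27%3D%271&Pass=x 200
2004-09-01 10:01:15 198.51.100.7 GET /pp/CPassChangePassword.asp LoginId=bob&OPass=a&NPass=b%27-- 200
2004-09-01 10:02:30 192.0.2.10 GET /pp/users_edit.asp id=12 200
2004-09-01 10:03:02 192.0.2.10 GET /pp/default.asp q=it%27s 200
""".splitlines()

if __name__ == "__main__":
    for ip, script, param in scan(SAMPLE_LOG):
        print(f"{ip} {script}: suspicious value in parameter {param!r}")
```

Only query strings are visible in these logs, so values submitted in a request body would need a different data source.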
What the fix does
The advisory states the vendor was contacted on August 6, 2004, and did not respond [ref_id=1]. No patch is published in the bundle. The remediation would require the application to sanitize or parameterize all user-supplied input before constructing SQL queries, preventing injection of arbitrary SQL statements.
Preconditions
- config: The target must be running Password Protect on a Windows platform with ASP support and a SQL backend.
- network: The attacker must be able to send HTTP requests to the affected ASP scripts (no authentication required).
- input: The vulnerable parameters (admin, Pass, LoginId, OPass, NPass, etc.) must be accepted without sanitization.
Reproduction
The advisory provides example attack vectors but no step-by-step reproduction script [ref_id=1]. The referenced proof-of-concept at http://www.criolabs.net/advisories/passprotect.txt is not included in the bundle. A public PoC reference at http://www.securityfocus.com/bid/11073 is listed but its contents are not provided.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.securityfocus.com/bid/11073 (nvd: Exploit, Vendor Advisory)
- secunia.com/advisories/12407 (nvd: Vendor Advisory)
- www.criolabs.net/advisories/passprotect.txt (nvd: URL Repurposed)
- marc.info (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/17188 (nvd)