Unrated severityNVD Advisory· Published Dec 21, 2005· Updated Apr 16, 2026

CVE-2005-4448

Description

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.

Affected products

Flatnuke/Flatnuke
cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdExploit
www.securityfocus.com/archive/1/419107nvdExploit
www.securityfocus.com/bid/15796nvdExploit
cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelognvd
exchange.xforce.ibmcloud.com/vulnerabilities/22159nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000