CVE-2006-0153
Description
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
Root cause
"Authentication relies entirely on client-controlled cookie values (username, authenticated, usertype) without server-side password verification."
Attack vector
An attacker can bypass authentication by setting three cookies: username (any valid username), authenticated=1, and usertype (e.g., admin) [ref_id=1]. No password is required because the forum scripts never compare the supplied credentials against a stored password hash [ref_id=1]. The attacker simply crafts a cookie header with these values and sends it to login.php or getvars.php to gain access as the targeted user.
Affected code
The vulnerable scripts are login.php and getvars.php [ref_id=1]. These scripts check only three cookie values — username, authenticated, and usertype — without performing any password comparison [ref_id=1].
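As an added illustration (not 427BB's own code; the advisory records no patch), the following Python models the cookie-only check described above beside a hardened form that derives identity and role from a server-side session keyed by an opaque token. The user table, the password, and the `session` cookie name are constructed for this example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user table standing in for the forum's user store (not 427BB data).
_SALT = secrets.token_bytes(16)
USERS = {"admin": {"usertype": "admin", "salt": _SALT,
                   "pw_hash": _hash_pw("correct-horse", _SALT)}}


def _cookies(header: str) -> dict:
    jar = SimpleCookie()
    jar.load(header)
    return {k: m.value for k, m in jar.items()}


def vulnerable_check(cookie_header: str):
    """Models the flawed logic: identity and role are read straight from cookies.
    No password hash is ever consulted, so a forged header alone is accepted."""
    c = _cookies(cookie_header)
    if c.get("authenticated") == "1" and c.get("username") in USERS:
        return {"user": c["username"], "usertype": c.get("usertype")}
    return None


# Server-side session store: opaque token -> username. Only login() writes to it.
SESSIONS: dict = {}


def login(username: str, password: str):
    """Verify the password against the stored hash; on success issue a random token."""
    rec = USERS.get(username)
    if rec is None:
        return None
    if not hmac.compare_digest(rec["pw_hash"], _hash_pw(password, rec["salt"])):
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def hardened_check(cookie_header: str):
    """The client presents only an unguessable token; username and usertype are
    resolved server-side, so cookie values such as authenticated=1 carry no weight."""
    token = _cookies(cookie_header).get("session")
    username = SESSIONS.get(token) if token else None
    if username is None:
        return None
    return {"user": username, "usertype": USERS[username]["usertype"]}
```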
What the fix does
No patch or fix has been published for this vulnerability [ref_id=1]. The advisory notes that no solution is available and recommends checking the vendor's website for updates [ref_id=1].
Preconditions
- input: Attacker must know or guess a valid username on the forum (e.g., 'admin').
- network: Attacker must be able to set arbitrary cookie values in requests to the server.
Reproduction
Set the following cookies in a request to any protected page (e.g., login.php or getvars.php): `username=admin; authenticated=1; usertype=admin;` [ref_id=1]. The application will grant access as the user "admin" without requiring a password [ref_id=1].
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- evuln.com/vulns/18/summary.html (nvd; Exploit; Vendor Advisory)
- www.securityfocus.com/bid/16178 (nvd; Exploit)
- secunia.com/advisories/18354 (nvd; Vendor Advisory)
- www.osvdb.org/22274 (nvd)
- www.securityfocus.com/archive/1/421326/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2006/0091 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24038 (nvd)
News mentions
No linked articles in our index yet.