High severity7.5NVD Advisory· Published Sep 18, 2007· Updated Apr 23, 2026

CVE-2007-4961

Description

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Affected products

Linden Lab/Second Life
cpe:2.3:a:lindenlab:second_life:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gnucitizen.org/blog/ie-pwns-secondlifenvdExploit
osvdb.org/45947nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000