CVE: CVE-2007-4961

Export to Word

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00364
Percentile: 0.57703

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-311 : Missing Encryption of Sensitive Data

All CAPEC(s)

CAPEC-157: Sniffing Attacks
CAPEC-158: Sniffing Network Traffic
CAPEC-204: Lifting Sensitive Data Embedded in Cache
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37: Retrieve Embedded Sensitive Data
CAPEC-383: Harvesting Information via API Event Monitoring
CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
CAPEC-385: Transaction or Event Tampering via Application API Manipulation
CAPEC-386: Application API Navigation Remapping
CAPEC-387: Navigation Remapping To Propagate Malicious Content
CAPEC-388: Application API Button Hijacking
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-609: Cellular Traffic Intercept
CAPEC-65: Sniff Application Code

CAPEC(s) with Mapped TTPs

CAPEC-158: Sniffing Network Traffic
Mapped TTPs:
- T1040 : Network Sniffing
- T1111 : Multi-Factor Authentication Interception
CAPEC-204: Lifting Sensitive Data Embedded in Cache
Mapped TTPs:
- T1005 : Data from Local System
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
Mapped TTPs:
- T1539 : Steal Web Session Cookie
CAPEC-37: Retrieve Embedded Sensitive Data
Mapped TTPs:
- T1005 : Data from Local System
- T1552.004 : Private Keys
CAPEC-383: Harvesting Information via API Event Monitoring
Mapped TTPs:
- T1056.004 : Credential API Hooking
CAPEC-609: Cellular Traffic Intercept
Mapped TTPs:
- T1111 : Multi-Factor Authentication Interception
CAPEC-65: Sniff Application Code
Mapped TTPs:
- T1040 : Network Sniffing

Mapped ATT&CK TTPs

T1040 : Network Sniffing
Kill Chain: credential-access
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1005 : Data from Local System
Kill Chain: collection
T1539 : Steal Web Session Cookie
Kill Chain: credential-access
T1005 : Data from Local System
Kill Chain: collection
T1552.004 : Private Keys
Kill Chain: credential-access
T1056.004 : Credential API Hooking
Kill Chain: collection
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1040 : Network Sniffing
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
CostaRicto
Operation Honeybee
2015 Ukraine Electric Power Attack
Operation Dream Job
C0015
Frankenstein
Night Dragon
Leviathan Australian Intrusions
Operation MidnightEclipse
C0017
Cutting Edge
C0026

Affected Products

cpe:2.3:a:lindenlab:second_life:-:*:*:*:*:*:*:*

← Back to Home