What is CVE-2000-1230?

CVE-2000-1230 is a publicly disclosed cybersecurity vulnerability with a MEDIUM severity rating and CVSS score of 5.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-2000-1230

MEDIUM5.0/ 10.0

Published: December 31, 2000 at 05:00 AM

Modified: April 3, 2025 at 01:03 AM

Source: cve@mitre.org

Vulnerability Description

Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".

CVSS Metrics

Base Score

5.0

Severity

MEDIUM

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses (CWE)

NVD-CWE-Other

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Phorum 3.0.7 contains a critical backdoor vulnerability in its auth.php3 file, allowing unauthorized remote access to restricted web pages. This vulnerability, triggered by a specific PHP_AUTH_USER value, grants attackers unrestricted access, potentially leading to data breaches and system compromise.

02 // Vulnerability Mechanism

Step 1: Request Initiation: The attacker crafts an HTTP request to a restricted page within the vulnerable Phorum installation.

Step 2: Header Injection: The attacker includes the PHP_AUTH_USER HTTP header in the request, setting its value to "boogieman".

Step 3: Authentication Bypass: The auth.php3 script receives the request and, due to the vulnerability, checks the PHP_AUTH_USER header. It finds the value "boogieman".

Step 4: Access Granted: The script, without further authentication, grants the attacker access to the restricted resource, effectively bypassing the intended security measures.

03 // Deep Technical Analysis

The vulnerability stems from a flawed authentication mechanism within auth.php3. The code directly checks the PHP_AUTH_USER HTTP header for the hardcoded value "boogieman" without proper authorization checks. This bypasses the intended authentication process, granting access to restricted resources. The root cause is a lack of secure authentication implementation and the presence of a hardcoded, easily guessable backdoor credential. The vulnerability is a simple logic flaw, not a complex technical exploit like a buffer overflow or race condition.