### [CVE-2005-0408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.

### POC

#### Reference
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-002.txt

#### Github
No PoCs found on GitHub currently.