CuteCast Forum Discloses Passwords to Remote Users
SecurityTracker Alert ID: 1005580
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 8 2002
Impact: Disclosure of authentication information, User access via network
Exploit Included: Yes
Version(s): 1.2
Description: A password disclosure vulnerability was reported in CuteCast Forum. A remote user can view passwords for each user on the system.
It is reported that the software stores the passwords in plain text. A remote user can view a user's password by requesting a URL of the following form:
http://[target]/cgi-bin/cutecast/members/<username>.user
Impact: A remote user can view passwords on the bulletin board system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.artscore.net/cutecast/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "Zero-X www.lobnan.de Team" <zero-x@linuxmail.org>
Message History: None.
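To check whether member files have already been served, a forum operator can scan the web server access log for the URL shape given in the Description. The following is an added example, not part of the advisory or the vendor's code; it assumes Apache common/combined log format, and the log lines, addresses and usernames are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Apache/NCSA common or combined log line: host, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Path shape taken from the advisory: .../cutecast/members/<username>.user
MEMBER_RE = re.compile(r'/cutecast/members/(?P<user>[^/]+)\.user$', re.IGNORECASE)

# Constructed sample log lines (documentation address ranges, invented usernames).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Nov/2002:04:01:11 +0800] "GET /cgi-bin/cutecast/members/alice.user HTTP/1.0" 200 412',
    '198.51.100.7 - - [08/Nov/2002:04:02:30 +0800] "GET /cgi-bin/cutecast/members/alice.user?x=1 HTTP/1.0" 200 412',
    '192.0.2.10 - - [08/Nov/2002:04:03:02 +0800] "GET /cgi-bin/cutecast/members/bob%2Euser HTTP/1.0" 200 398',
    '192.0.2.10 - - [08/Nov/2002:04:03:40 +0800] "GET /cgi-bin/cutecast/members/carol.user HTTP/1.0" 403 210',
    '203.0.113.5 - - [08/Nov/2002:04:05:00 +0800] "GET /index.html HTTP/1.0" 200 5120',
]

def exposed_member_files(lines):
    """Return {username: sorted client hosts} for member files actually served."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] == "HEAD":
            continue  # unparseable line, or a request that returns no body
        # Drop the query string, then decode %xx so encoded dots still match.
        path = unquote(urlsplit(m["target"]).path)
        member = MEMBER_RE.search(path)
        # Only a 2xx response means the file contents left the server.
        if member and m["status"].startswith("2"):
            hits[member["user"].lower()].add(m["host"])
    return {user: sorted(hosts) for user, hosts in hits.items()}

if __name__ == "__main__":
    for user, hosts in sorted(exposed_member_files(SAMPLE_LOG).items()):
        print(f"{user}: member file served to {', '.join(hosts)}")
```

Because the passwords are stored in plain text, any account this reports should be treated as having a disclosed password.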
Source Message Contents
Date: Fri, 08 Nov 2002 03:52:02 +0800
From: "Zero-X www.lobnan.de Team" <zero-x@linuxmail.org>
Subject: Vulnerability in Cutecast Forum v1.2
Vulnerability in Cutecast Forum v1.2
You can read passwords of all users. (Passwords in Plaintext)
Exploit:
http://www.website.com/cgi-bin/cutecast/members/<username>.user
Zero X, member of www.lobnan.de