SecurityTracker.com Archives - BUGS Discloses Database Credentials to Remote Users

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > BUGS - The Bug Genie

Vendors: bugs-bug-genie.sourceforge.net

BUGS Discloses Database Credentials to Remote Users

SecurityTracker Alert ID: 1008758

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jan 19 2004

Impact: Disclosure of authentication information, User access via network

Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes

Version(s): prior to 1.2

Description: A vulnerability was reported in BUGS. A remote user can view database authentication credentials.

It is reported that a remote user can directly request the 'bugs/userbase_connect.inc' file to view database credentials.

Impact: A remote user can view the database credentials.

Solution: The vendor has released a fixed version (1.2), available at:

http://sourceforge.net/project/showfiles.php?group_id=89533

Vendor URL: bugs-bug-genie.sourceforge.net/ (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Mon, 19 Jan 2004 01:41:56 -0500
Subject: http://bugs-bug-genie.sourceforge.net/changelog_1.2.txt

 

http://bugs-bug-genie.sourceforge.net/changelog_1.2.txt

 > FIXED:

 >    GENERAL:
 >        Fixed a security bug where people could see the database credentials.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2004, SecurityGlobal.net LLC