CuteCast Forum Discloses Passwords to Remote Users
SecurityTracker Alert ID: 1005580
SecurityTracker URL: http://securitytracker.com/id/1005580
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 8 2002
Impact: Disclosure of authentication information, User access via network
Exploit Included: Yes
Version(s): 1.2
Description:
A password disclosure vulnerability was reported in CuteCast Forum. A remote user can view the password of each user on the system.
The software reportedly stores passwords in plain text, and a remote user can view a user's password by requesting a URL of the following form:
http://[target]/cgi-bin/cutecast/members/<username>.user

Impact:
A remote user can view passwords on the bulletin board system.

Solution:
No solution was available at the time of this entry.
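
An added example, not part of the original advisory or of CuteCast: a log check that lists which member files a web server has already served, so an operator can tell which accounts to treat as disclosed. It assumes an access log in Common/Combined Log Format and the install path shown in the URL above; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Member-file path from the advisory: /cgi-bin/cutecast/members/<username>.user
MEMBER_FILE = re.compile(
    r"/cgi-bin/cutecast/members/([^/?#\s]+)\.user(?:[?#]|$)", re.IGNORECASE)

# Common/Combined Log Format: host ident user [time] "METHOD path proto" status ...
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation address ranges, made-up usernames).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Nov/2002:04:10:11 +0800] '
    '"GET /cgi-bin/cutecast/members/alice.user HTTP/1.0" 200 412',
    '203.0.113.7 - - [08/Nov/2002:04:10:15 +0800] '
    '"GET /cgi-bin/cutecast/members/bob%2Euser HTTP/1.0" 200 398',
    '198.51.100.23 - - [08/Nov/2002:04:12:02 +0800] '
    '"GET /cgi-bin/cutecast/members/carol.user HTTP/1.0" 403 289',
    '192.0.2.44 - - [08/Nov/2002:04:13:40 +0800] "GET /index.html HTTP/1.0" 200 5120',
]

def exposed_accounts(lines):
    """Return {username: [(client, time), ...]} for member files served with 2xx."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparseable line, or the server did not return the file
        path = unquote(m["path"])  # normalise percent-encoded requests (%2Euser)
        found = MEMBER_FILE.search(path)
        if found:
            hits[found.group(1)].append((m["host"], m["time"]))
    return dict(hits)

if __name__ == "__main__":
    for user, reads in sorted(exposed_accounts(SAMPLE_LOG).items()):
        for client, when in reads:
            print(f"{user}: member file served to {client} at {when}")
```

Every username returned corresponds to a password that was sent in clear text to the listed client and should be changed once direct web access to the members directory has been blocked.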

Vendor URL: www.artscore.net/cutecast/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Message History: None.

Source Message Contents
Date: Fri, 08 Nov 2002 03:52:02 +0800
Subject: Vulnerability in Cutecast Forum v1.2
Vulnerability in Cutecast Forum v1.2
You can read passwords of all users. (Passwords in Plaintext)
Exploit:
http://www.website.com/cgi-bin/cutecast/members/<username>.user
Zero X, member of www.lobnan.de