WWWBoard Password Database Disclosure Vulnerability
BID:12453
Info
WWWBoard Password Database Disclosure Vulnerability
| Bugtraq ID: | 12453 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2005 12:00AM |
| Updated: | Feb 05 2005 12:00AM |
| Credit: | The discoverer of this vulnerability is not known. |
| Vulnerable: |
Matt Wright WWWBoard 2.0 Alpha 2.1 Matt Wright WWWBoard 2.0 Alpha 2 |
| Not Vulnerable: | |
Discussion
WWWBoard Password Database Disclosure Vulnerability
WWWBoard does not sufficiently secure the password database file. This issue is due to lack of access controls to prevent remote users from requesting the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as encrypted administrative credentials for WWWBoard.
WWWBoard does not sufficiently secure the password database file. This issue is due to lack of access controls to prevent remote users from requesting the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as encrypted administrative credentials for WWWBoard.
Exploit / POC
WWWBoard Password Database Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
WWWBoard Password Database Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.