Cocktail Admin Password Disclosure Vulnerability
BID:13449
Info
Cocktail Admin Password Disclosure Vulnerability
| Bugtraq ID: | 13449 |
| Class: | Design Error |
| CVE: |
CVE-2005-1387 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 29 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovered by sonderling <[email protected]>. |
| Vulnerable: |
Cocktail Cocktail 3.5.4 |
| Not Vulnerable: | |
Discussion
Cocktail Admin Password Disclosure Vulnerability
Cocktail pipes the computer's Admin password to command line utilities in an insecure manner allowing potential disclosure of the password.
This issue was reported to affect Cocktail 3.5.4. Other versions are likely vulnerable.
Cocktail pipes the computer's Admin password to command line utilities in an insecure manner allowing potential disclosure of the password.
This issue was reported to affect Cocktail 3.5.4. Other versions are likely vulnerable.
Exploit / POC
Cocktail Admin Password Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Cocktail Admin Password Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Cocktail Admin Password Disclosure Vulnerability
References:
References:
- Home Page (Cocktail)
- Mac OS X Cocktail 3.5.4 admin password disclosure ("sonderling"
)