TFT Gallery Administrator Password Information Disclosure Vulnerability
BID:17250
Info
| Bugtraq ID: | 17250 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Dec 04 2006 06:19PM |
| Credit: | undefined1 is credited with the discovery of this vulnerability. |
| Vulnerable: | TFT Gallery TFT Gallery 0.10 |
| Not Vulnerable: | |
Discussion
TFT Gallery is prone to an information-disclosure vulnerability. The application fails to perform proper access validation before granting access to sensitive and privileged information.
An attacker can exploit this vulnerability to obtain the application's encrypted administrative password, and may then use it to carry out brute-force attacks to gain administrative access.
Information that the attacker obtains may aid in further attacks against the underlying system; other attacks are also possible.
Exploit / POC
An example exploit has been provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- TFT Gallery Web Site (TFT Gallery)
- Multiple bugs in TFT-Gallery ([email protected])