HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

Bugtraq ID:	22754
Class:	Design Error
CVE:	CVE-2007-1192
Remote:	Yes
Local:	No
Published:	Feb 28 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Serkan By is credited with the discovery of this vulnerability.
Vulnerable:	Thomas R. Pasawicz Hyperbook Guestbook 1.3
Not Vulnerable:

HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information.

An attacker can exploit this issue to access sensitive information that may lead to other attacks.

This issue affects version 1.3.0; other versions may also be affected.

HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/22754.py

HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

References:

• HyperBook Guestbook Homepage (Thomas R. Pasawicz)