SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   CuteCast Vendors:   ArtsCore Studios
CuteCast Forum Discloses Passwords to Remote Users
SecurityTracker Alert ID:  1005580
SecurityTracker URL:  http://securitytracker.com/id/1005580
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 8 2002
Impact:   Disclosure of authentication information, User access via network
Exploit Included:  Yes  
Version(s): 1.2
Description:   A password disclosure vulnerability was reported in CuteCast Forum. A remote user can view passwords for each user on the system.

It is reported that the software stores the passwords in plain text. Also, a remote user can view the password using the following type of URL:

http://[target]/cgi-bin/cutecast/members/<username>.user

Impact:   A remote user can view passwords on the bulletin board system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.artscore.net/cutecast/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Vulnerability in Cutecast Forum v1.2


Vulnerability in Cutecast Forum v1.2

You can read passwords of all users. (Passwords in Plaintext)

Exploit:

http://www.website.com/cgi-bin/cutecast/members/<username>.user


Zero X, member of www.lobnan.de
-- 
______________________________________________
http://www.linuxmail.org/
Now with POP3/IMAP access for only US$19.95/yr

Powered by Outblaze

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC