SecurityTracker.com
SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   paBox
Vendors:   PHP Arena
paBox May Disclose the Administrator's Password in a Cookie
SecurityTracker Alert ID:  1007540
SecurityTracker URL:  http://securitytracker.com/id/1007540
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 20 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.6
Description:   CyberTalon reported an information disclosure vulnerability in paBox. A local or remote user may be able to view the administrator's password.

It is reported that, after successful authentication, the server stores the administrator's username and password in clear text in a cookie on the administrator's browser. A remote user who is monitoring the network can view the password. A local user may also be able to view the password.

Impact:   A remote user monitoring the network may be able to obtain the administrator's password.

A local user may be able to view the administrator's password.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.phparena.net/pabox.php
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  paBox 1.6 stores admin's username and password in a plain-text cookie


  paBox 1.6 stores admin's username and password in a plain-text cookie
                           Found by: CyberTalon

1. Problem
2. Solution
3. Info

1. paBox 1.6 stores the administrator's username and password, in
plain-text in a cookie locally after logging in. Example:

cookie[user]
username
site.loggedinto.com/pabox/
1024
3544852096
29583074
1747320064
29582966
*
cookie[pass]
password
site.loggedinto.com/pabox/
1024
3544852096
29583074
1747420064
29582966
*


2. They need to use encryption when storing sensitive information like-so.

3. Vendors URL: http://www.phparena.net/pabox.php

-CT
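
The advisory lists no fix. As an added example (not part of the original advisory or message, and not paBox code), the sketch below sets the reported cookie pattern beside a login that sends the browser only a random session token and keeps the credential check on the server. The cookie name pabox_session, the in-memory session table, the constructed admin record and the 30-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800              # seconds; assumed lifetime
COOKIE_NAME = "pabox_session"   # hypothetical cookie name
SESSIONS = {}                   # sha256(token) -> (user, expiry); stand-in for a server-side store


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


# Constructed account record: the server keeps a salted hash, never the password.
SALT = secrets.token_bytes(16)
ADMIN = {"user": "admin", "salt": SALT, "hash": hash_password("constructed-password", SALT)}


def login_vulnerable(user, password):
    # Pattern described in the advisory: both values are sent to the browser
    # verbatim, so they are readable on the network and in the cookie file.
    return [f"cookie[user]={user}; Path=/pabox/",
            f"cookie[pass]={password}; Path=/pabox/"]


def login_hardened(user, password):
    # Always compute the hash so timing does not depend on the username.
    candidate = hash_password(password, ADMIN["salt"])
    if not (hmac.compare_digest(candidate, ADMIN["hash"]) and user == ADMIN["user"]):
        return None
    token = secrets.token_urlsafe(32)            # opaque, carries no credential
    key = hashlib.sha256(token.encode()).hexdigest()
    SESSIONS[key] = (user, time.time() + SESSION_TTL)
    return (f"{COOKIE_NAME}={token}; Path=/pabox/; Max-Age={SESSION_TTL}; "
            "Secure; HttpOnly; SameSite=Strict")


def authenticate(cookie_header):
    # Map a request's Cookie header to a username, or None if absent or expired.
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name != COOKIE_NAME:
            continue
        key = hashlib.sha256(value.encode()).hexdigest()
        user, expiry = SESSIONS.get(key, (None, 0))
        if user and expiry > time.time():
            return user
        SESSIONS.pop(key, None)                  # drop expired entries
    return None
```

The Secure attribute keeps the token off unencrypted connections, and storing only the token's hash means a leaked session table cannot be replayed as cookies.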




Copyright 2021, SecurityGlobal.net LLC