EasyNews PRO Discloses Password to Remote Users
|
SecurityTracker Alert ID: 1017457 |
SecurityTracker URL: http://securitytracker.com/id/1017457
|
CVE Reference:
CVE-2006-6866
(Links to External Site)
|
Updated: May 20 2008
|
Original Entry Date: Dec 29 2006
|
Impact:
Disclosure of authentication information
|
Exploit Included: Yes
|
Version(s): 4.0
|
Description:
A vulnerability was reported in EasyNews PRO. A remote user can determine the password.
A remote user can load the following URL to obtain the password:
http://[target]/[easy_news_path]/newsboard/data/users.txt
bd0rk discovered this vulnerability.
The original advisory is available at:
http://www.milw0rm.com/exploits/3039
|
Impact:
A remote user can determine the password.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.stphp.com/?id=4 (Links to External Site)
|
Cause:
Access control error, Configuration error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|