 |
|
|
|
| Vulnerability details : |
| |
 |
|
Adobe Contribute Publishing Server Installation Logfile Password Disclosure |
|
|
Fiche créée le 2006-10-11 19:51:57, dernière mise à jour le 2008-03-02 23:59:05
Adobe Contribute Publishing Server contains a flaw that may lead to an unauthorized password exposure. It is possible to gain administrator access by accessing plaintext passwords that are stored in the "installvariables.properties" log file. This file is created during the installation process.
|
| |
| Adobe Systems Incorporated 1.x Affected | | | Attack Type : Cryptographic
weak encryption (implementation or algorithm), no encryption (plaintext), sniffing. | Découvert le 2006-10-10 19:48:56
| Attack Type : Information Disclosure
comments, passwords, fingerprinting, system information. | | | | Disclosure : OSVDB Verified | Confirmé le 2006-10-10 19:48:56
| | Exploit : Exploit Public | Exploit découvert le 2006-10-10 07:00:00
| Impact : Loss of Confidentiality
Assurance that data is protected and not disclosed to an unauthorized party.
Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | |
| |
| External refs : |
| OSVDB 29672 | | | | | | | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
