ID CVE-2003-1394
Summary CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
References
Vulnerable Configurations
  • cpe:2.3:a:coffeecup_software:coffeecup_password_wizard:*:*:*:*:*:*:*:*
    cpe:2.3:a:coffeecup_software:coffeecup_password_wizard:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 6995
bugtraq 20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions
sreason 3259
xf coffeecup-password-file-retrieval(11447)
Last major update 29-07-2017 - 01:29
Published 31-12-2003 - 05:00
Back to Top