CVE-2006-5018 - ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/cha

CVE-2006-5018

Summary

ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.

References

http://securityreason.com/securityalert/1639
http://securitytracker.com/id?1016915
http://www.aushack.com/advisories/200606-contentkeeper.txt
http://www.securityfocus.com/archive/1/446719/100/0/threaded
http://www.securityfocus.com/bid/20152
https://exchange.xforce.ibmcloud.com/vulnerabilities/29113

Vulnerable Configurations

cpe:2.3:a:contentkeeper_technologies:contentkeeper:*:*:*:*:*:*:*:*
cpe:2.3:a:contentkeeper_technologies:contentkeeper:*:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:N

refmap via4

bid	20152
bugtraq	20060922 ContentKeeper Authenticated Access Password Disclosure
misc	http://www.aushack.com/advisories/200606-contentkeeper.txt
sectrack	1016915
sreason	1639
xf	contentkeeper-html-password-disclosure(29113)

Last major update

17-10-2018 - 21:40

Published

27-09-2006 - 23:07

Last modified

17-10-2018 - 21:40