CVE-2010-5092 - The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plain

CVE-2010-5092

Summary

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

References

Vulnerable Configurations

cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*

CVSS

Base:	1.9 (as of 27-08-2012 - 04:00)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:N/A:N

refmap via4

confirm	http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1 http://open.silverstripe.org/changeset/107532
misc	http://open.silverstripe.org/ticket/5772
mlist	[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4 [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4 [oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4

Last major update

27-08-2012 - 04:00

Published

26-08-2012 - 18:55

Last modified

27-08-2012 - 04:00