ID CVE-2011-3198
Summary Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.
References
Vulnerable Configurations
  • cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*
    cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 21-03-2014 - 14:44)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm
debian DSA-2365
mlist
  • [oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc
  • [oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc
Last major update 21-03-2014 - 14:44
Published 21-03-2014 - 04:38
Last modified 21-03-2014 - 14:44
Back to Top