[sec-adv] Bitboard Administrator Password Hash Disclosure Vulnerability

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Fri Jul 11 2003 - 07:41:03 CDT


TITLE:
Bitboard Administrator Password Hash Disclosure Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9237/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Bitboard 2.x

DESCRIPTION:
An information disclosure vulnerability has been reported in
Bitboard, which can be exploited by malicious people to gain
knowledge of the administrator password hash.

The vulnerability is caused by an access control error that allows
anyone to access "data_passwd.dat" in the "admin/" directory, which
contains the hash of the administrator's password. It may then be
possible to identify the password by brute forcing it using a
dictionary attack.

SOLUTION:
Reportedly, the vendor has stated that the issue will be fixed in the
next version.

Restrict access to the "admin/" directory and use strong passwords.

REPORTED BY / CREDITS:
Marc Bromm

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

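Added example, not part of the Secunia advisory or of Bitboard: a log check that finds requests for the "admin/data_passwd.dat" file named in the advisory and separates those the server answered from those it refused, which shows both past exposure and whether the access restriction is working. The combined log format, the "/board/" install path and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# File named in the advisory; the install directory in front of it varies per site.
SENSITIVE_SUFFIX = "/admin/data_passwd.dat"

# Assumption: Apache-style "combined" access log; adjust for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def canonical_path(target):
    """Drop the query string, percent-decode and collapse dot segments so
    differently written requests for the same file compare equal."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    return normpath("/" + path.lstrip("/")).lower()

def find_hash_file_requests(lines):
    """Return (exposed, blocked): requests for the hash file that were served
    versus requests the server refused."""
    exposed, blocked = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not canonical_path(m["target"]).endswith(SENSITIVE_SUFFIX):
            continue
        status = int(m["status"])
        hit = (m["ip"], m["ts"], m["target"], status)
        # 2xx (or 304 for a cached copy) means the file content was reachable.
        (exposed if status < 300 or status == 304 else blocked).append(hit)
    return exposed, blocked

# Constructed sample lines (documentation IP ranges, hypothetical /board/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jul/2003:09:12:01 +0000] "GET /board/index.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [11/Jul/2003:09:14:33 +0000] "GET /board/admin/data_passwd.dat HTTP/1.0" 200 34 "-" "-"',
    '198.51.100.7 - - [11/Jul/2003:09:14:40 +0000] "GET /board/admin/%64ata_passwd.dat HTTP/1.0" 200 34 "-" "-"',
    '203.0.113.5 - - [12/Jul/2003:10:02:11 +0000] "GET /board/images/../admin/data_passwd.dat HTTP/1.0" 403 289 "-" "-"',
]

if __name__ == "__main__":
    exposed, blocked = find_hash_file_requests(SAMPLE_LOG)
    for ip, ts, target, status in exposed:
        print(f"EXPOSED {status} {ip} [{ts}] {target} -> change the admin password")
    for ip, ts, target, status in blocked:
        print(f"blocked {status} {ip} [{ts}] {target}")
```

Any "EXPOSED" hit means the hash should be treated as disclosed: restrict the "admin/" directory as the advisory recommends and set a new, strong administrator password.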