Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2524


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2524
Last Modified 05 Sep 2008 04:44:22
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.

Vulnerable Systems


  • Whm Autopilot 2.4.5


SECUNIA - 12200

XF - whmautopilot-clogin-gain-access(16849)

BID - 10846

OSVDB - 8279

SECTRACK - 1010833

FULLDISC - 20040802 Benchmark Designs' WHM Autopilot backdoor vulnerability to plain-text password.

Last Updated: 27 May 2016 10:39:30