Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2004-2524
Last Modified 05 Sep 2008 04:44:22
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2524

Summary

clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.

Vulnerable Systems

Application

  • WHM AutoPilot 2.4.5


References

SECUNIA - 12200

XF - whmautopilot-clogin-gain-access(16849)

BID - 10846

OSVDB - 8279

SECTRACK - 1010833

FULLDISC - 20040802 Benchmark Designs' WHM Autopilot backdoor vulnerability to plain-text password.


Last Updated: 27 May 2016 10:39:30