Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2578

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2578
Last Modified 10 Sep 2008 03:34:06
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2578

Summary

phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.

Vulnerable Systems

Application

  • Phpgroupware 0.9.1

  • Phpgroupware 0.9.10

  • Phpgroupware 0.9.12

  • Phpgroupware 0.9.13

  • Phpgroupware 0.9.14.003

  • Phpgroupware 0.9.14.005

  • Phpgroupware 0.9.14.006

  • Phpgroupware 0.9.14.007

  • Phpgroupware 0.9.16.000

  • Phpgroupware 0.9.16.001

  • Phpgroupware 0.9.2

  • Phpgroupware 0.9.3

  • Phpgroupware 0.9.4

  • Phpgroupware 0.9.5

  • Phpgroupware 0.9.6

  • Phpgroupware 0.9.7

  • Phpgroupware 0.9.8

  • Phpgroupware 0.9.9

  • Phpgroupware 0.9.9 Pl1


References

XF - phpgroupware-plaintext-password(16970)

BID - 10895

OSVDB - 8354


Last Updated: 27 May 2016 10:39:32