Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-1055
Last Modified 05 Sep 2008 04:48:05
Published 10 Apr 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1055

Summary

TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.

Vulnerable Systems

Application

  • Towerblog 0.2

  • Towerblog 0.4 R1

  • Towerblog 0.6

  • Towerblog 0.6 R1


References

SECTRACK - 1013675

XF - towerblog-datlogin-information-disclosure(20039)

SECUNIA - 14884

BUGTRAQ - 20050410 TowerBlog <= 0.6 Admin Account View [x0n3-h4ck]

OSVDB - 15425


Last Updated: 27 May 2016 10:40:01