Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2158

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2158
Last Modified 25 Jun 2009 12:00:00
Published 22 Jun 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2158

Summary

account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.

Vulnerable Systems

Application

  • Torrenttrader Classic 1.09


References

XF - torrenttrader-accountrecover-weak-security(51150)

MISC - http://www.waraxe.us/advisory-74.html

BID - 35369

BUGTRAQ - 20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09

MILW0RM - 8958


Last Updated: 27 May 2016 10:50:48