RedHat 6.2 – Piranha Virtual Server Package Plaintext Password

Vulnerability ID: 1053448
Vulnerability type:
Published: 2000-06-09
Updated: 2000-06-09
CVE ID: N/A
CNNVD-ID: N/A
Platform: Linux
CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/20021
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP
source: http://www.securityfocus.com/bid/1367/info

Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access log or by sniffing.

---------[from /etc/httpd/logs/access_log]-----------
...
127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET /piranha/secure/passwd.php3?try1=xxx&try2=xxx&passwd=ACCEPT HTTP/1.0" 200 3120
127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET /piranha/secure/passwd.php3?try1=yyy&try2=yyy&passwd=ACCEPT HTTP/1.0" 200 3120
127.0.0.1 - piranha [19/May/2000:20:58:50 +0200] "GET /piranha/secure/passwd.php3?try1=arkth&try2=arkth&passwd=ACCEPT HTTP/1.0" 200 3120
...
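
For the log-reading exposure shown in the excerpt above, the following added example (not part of the original advisory or of Piranha) audits an access log for password values in GET query strings and redacts them. It assumes Common Log Format; the function names, the parameter list beyond `try1`/`try2`, and the sample entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Query parameters treated as secret-bearing. try1/try2 come from the log
# excerpt above; the rest are assumed common names. "passwd" is left out
# because in the excerpt it only ever carries the literal value ACCEPT.
SENSITIVE = {"try1", "try2", "password", "pass", "pwd"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ )(?P<target>\S+)'
    r'(?P<tail> [^"]*" \d{3} \S+)\s*$'
)

def scrub_line(line):
    """Return (line with secret values redacted, names of exposed parameters)."""
    m = CLF.match(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    exposed = [k for k, v in pairs if k.lower() in SENSITIVE and v]
    if not exposed:
        return line, []
    clean = urlencode([(k, "REDACTED" if k.lower() in SENSITIVE and v else v)
                       for k, v in pairs])
    return m.group("head") + parts._replace(query=clean).geturl() + m.group("tail"), exposed

def scan(lines):
    """Scrub every line; report (1-based line number, exposed names) per hit."""
    scrubbed, findings = [], []
    for n, line in enumerate(lines, 1):
        out, exposed = scrub_line(line.rstrip("\n"))
        scrubbed.append(out)
        if exposed:
            findings.append((n, exposed))
    return scrubbed, findings

# Constructed sample entries in the same shape as the excerpt above.
SAMPLE = [
    '192.0.2.10 - piranha [19/May/2000:14:00:48 +0200] "GET /piranha/secure/passwd.php3?try1=s3cretA&try2=s3cretA&passwd=ACCEPT HTTP/1.0" 200 3120',
    '192.0.2.10 - piranha [19/May/2000:14:02:11 +0200] "GET /index.html HTTP/1.0" 200 5021',
    '192.0.2.10 - piranha [19/May/2000:14:03:40 +0200] "POST /piranha/secure/passwd.php3 HTTP/1.0" 200 3120',
]

if __name__ == "__main__":
    for line in scan(SAMPLE)[0]:
        print(line)
```

Redaction only covers the log file; any password that has already been written there should be treated as disclosed and changed.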
