https://cxsecurity.com/issue/WLB-2007100097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-254

InvisionPowerServicesInvisionBoard1.0至1.1.1版本存在漏洞，当一个论坛的密码被保护时，该软件在cookie中以明文的方式存储该管理员密码，远程攻击者利用该漏洞获取访问权限。

Invision Power Board Plaintext Password Disclosure Vuln

-------------------------------------------------------

Version: All?

Problem: Invision Power Board gives an admin the option

to create a pass protected forum. The problem with this

is that the password is then stored in the cookie fully

readable as it is shown in plaintext.

Credits: All credit goes to JeiAr of GulfTech Computers

来源:XF
名称:invision-admin-plaintext-password(11871)
链接:http://xforce.iss.net/xforce/xfdb/11871
来源:BID
名称:7440
链接:http://www.securityfocus.com/bid/7440
来源:BUGTRAQ
名称:20030425InvisionPowerBoardPlaintextPasswordDisclosureVuln
链接:http://www.securityfocus.com/archive/1/319747
来源:SREASON
名称:3276
链接:http://securityreason.com/securityalert/3276