Vulnerabilities > CVE-2002-1479 - Unspecified vulnerability in the Cacti Group Cacti

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

the-cacti-group

NVD

Published: 2003-04-22

Updated: 2024-02-14

Summary

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	The_Cacti_Group THE Cacti Group Cacti 0.5 THE Cacti Group Cacti 0.6.7 THE Cacti Group Cacti 0.6.4 THE Cacti Group Cacti 0.6.1 THE Cacti Group Cacti 0.6 THE Cacti Group Cacti 0.6.6 THE Cacti Group Cacti 0.6.5 THE Cacti Group Cacti 0.6.3 THE Cacti Group Cacti 0.6.8 THE Cacti Group Cacti 0.6.2	10

References

http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
http://www.iss.net/security_center/static/10049.php
http://www.securityfocus.com/bid/5628
http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt