Vulnerabilities > CVE-2002-2310 - Credentials Management vulnerability in Kryptronic Clickcartpro 4.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

kryptronic

CWE-255

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.

Vulnerable Configurations

Part	Description	Count
Application	Kryptronic Kryptronic Clickcartpro 4.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://securitytracker.com/id?1004825
http://www.iss.net/security_center/static/9648.php
http://www.securiteam.com/securitynews/5DP0T0K7PY.html