Vulnerabilities > CVE-2004-2578 - Information Disclosure vulnerability in PHPGroupWare Plaintext Cookie Authentication Credentials
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | PHPGROUPWARE_PLAINTEXT_COOKIE_AUTH_VULN.NASL |
description | The version of PhpGroupWare installed on the remote host is reported to be affected by a plaintext cookie authentication credentials information disclosure vulnerability. If web administration of PhpGroupWare is not conducted over an encrypted link, an attacker with the ability to sniff network traffic could easily retrieve these passwords. This may aid the attacker in further system compromise. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14293 |
published | 2004-08-17 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14293 |
title | phpGroupWare Admin/Setup Password Plaintext Cookie Storage |
code |
|