Vulnerabilities > CVE-2006-5018 - Information Disclosure vulnerability in ContentKeeper Accounts Password
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://securityreason.com/securityalert/1639
- http://securitytracker.com/id?1016915
- http://www.aushack.com/advisories/200606-contentkeeper.txt
- http://www.securityfocus.com/archive/1/446719/100/0/threaded
- http://www.securityfocus.com/bid/20152
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29113