Vulnerabilities > CVE-2010-0124 - Credentials Management vulnerability in Timeclock-Software Employee Timeclock Software 0.99

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

timeclock-software

CWE-255

NVD

Published: 2010-03-15

Updated: 2018-10-10

Summary

Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Vulnerable Configurations

Part	Description	Count
Application	Timeclock-Software Timeclock Software Employee Timeclock Software 0.99	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://secunia.com/advisories/38739
http://secunia.com/secunia_research/2010-12/
http://www.osvdb.org/62830
http://www.securityfocus.com/archive/1/509996/100/0/threaded
http://www.securityfocus.com/bid/38642
https://exchange.xforce.ibmcloud.com/vulnerabilities/56800