CVE Vulnerabilities

CVE-2002-1479

Published: Apr 22, 2003 | Modified: Jul 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

Affected Software

Name Vendor Start Version End Version
Cacti The_cacti_group 0.5 0.5
Cacti The_cacti_group 0.6.7 0.6.7
Cacti The_cacti_group 0.6.4 0.6.4
Cacti The_cacti_group 0.6.1 0.6.1
Cacti The_cacti_group 0.6 0.6
Cacti The_cacti_group 0.6.6 0.6.6
Cacti The_cacti_group 0.6.5 0.6.5
Cacti The_cacti_group 0.6.3 0.6.3
Cacti The_cacti_group 0.6.8 0.6.8
Cacti The_cacti_group 0.6.2 0.6.2

References