TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Towerblog | Towerblog | 0.2 (including) | 0.2 (including) |
| Towerblog | Towerblog | 0.4_r1 (including) | 0.4_r1 (including) |
| Towerblog | Towerblog | 0.6 (including) | 0.6 (including) |
| Towerblog | Towerblog | 0.6_r1 (including) | 0.6_r1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111323802003019\u0026w=2
- http://secunia.com/advisories/14884
- http://securitytracker.com/id?1013675
- http://www.osvdb.org/15425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20039
- http://marc.info/?l=bugtraq\u0026m=111323802003019\u0026w=2
- http://secunia.com/advisories/14884
- http://securitytracker.com/id?1013675
- http://www.osvdb.org/15425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20039