CVE Vulnerabilities

CVE-2005-1055

Published: Apr 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.

Affected Software

Name Vendor Start Version End Version
Towerblog Towerblog 0.2 0.2
Towerblog Towerblog 0.6 0.6
Towerblog Towerblog 0.6_r1 0.6_r1
Towerblog Towerblog 0.4_r1 0.4_r1

References