|Title:||paFileDB password hash disclosure|
The remote host is using paFileDB which is a PHP based
database of files.
According to its version number, the remote version of this software
is vulnerable to an attack that would allow users to view the
password hash of user accounts, including administrator account.
The vulnerability exists when session based authentication is performed.
This vulnerability is reported to be present in version 3.1 or lower.
This may allow an attacker to perform brute force attack on the password
hash and gain access to account information.
Solution: Upgrade to version 3.2 of paFileDB when available
Risk factor : High
BugTraq ID: 11818|
Common Vulnerability Exposure (CVE) ID: CVE-2004-1219
Bugtraq: 20041207 Multiple Vulnerabilities in paFileDB 3.1 (Google Search)
XForce ISS Database: pafiledb-session-information-disclosure(18364)
|Copyright||This script is Copyright (C) 2004 Tenable Network Security|
|This is only one of 93608 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.