Vulnerability   
Search   
    Search 210752 CVE descriptions
and 93608 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.15911
Category:CGI abuses
Title:paFileDB password hash disclosure
Summary:NOSUMMARY
Description:Description:

The remote host is using paFileDB which is a PHP based
database of files.

According to its version number, the remote version of this software
is vulnerable to an attack that would allow users to view the
password hash of user accounts, including administrator account.

The vulnerability exists when session based authentication is performed.

This vulnerability is reported to be present in version 3.1 or lower.
This may allow an attacker to perform brute force attack on the password
hash and gain access to account information.

Solution: Upgrade to version 3.2 of paFileDB when available
Risk factor : High

Cross-Ref: BugTraq ID: 11818
Common Vulnerability Exposure (CVE) ID: CVE-2004-1219
http://www.securityfocus.com/bid/11818
Bugtraq: 20041207 Multiple Vulnerabilities in paFileDB 3.1 (Google Search)
http://marc.info/?l=bugtraq&m=110245123927025&w=2
http://echo.or.id/adv/adv09-y3dips-2004.txt
XForce ISS Database: pafiledb-session-information-disclosure(18364)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18364
CopyrightThis script is Copyright (C) 2004 Tenable Network Security

This is only one of 93608 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.