CVE-2004-2578

Name of the Vulnerable Software and Affected Versions phpGroupWare versions prior to 0.9.16.002

Description The issue concerns the transmission of sensitive information in plaintext. Specifically, the header admin and setup passwords are sent via cookies without encryption, allowing remote attackers to intercept these passwords through sniffing.

Recommendations For versions prior to 0.9.16.002, update to version 0.9.16.002 or later to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of password interception. Avoid using the application over unsecured networks until the update is applied.