PT-2005-1735 · Hosting Controller · Hosting Controller

Published: 2005-03-07 · Updated: 2016-10-18 · CVE-2005-0695

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Hosting Controller versions 6.1 Hotfix 1.7 and earlier

Description: The password recovery feature in the vulnerable software allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the login ID field in the "forgotpassword.asp" page.

Recommendations: For Hosting Controller versions 6.1 Hotfix 1.7 and earlier, consider disabling the password recovery feature or restricting access to the "forgotpassword.asp" page until a fix is available. As a temporary workaround, avoid using the login ID field with partial domain names to minimize the risk of exploitation.


Related identifiers: CVE-2005-0695

Affected products: Hosting Controller