PT-2009-1324 · Constructr · Constructr Cms
Fuzion
·
Publicado
2009-01-05
·
Atualizado
2017-09-29
·
CVE-2008-5847
CVSS v2.0
2.6
Baixa
| Vetor | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Constructr CMS versions 3.02.5 and earlier
Description
The issue allows context-dependent attackers to obtain sensitive information by reading the hash column in a MySQL database, as passwords are stored in cleartext.
Recommendations
For Constructr CMS versions 3.02.5 and earlier, consider updating the password storage mechanism to hash and salt passwords, and restrict access to the MySQL database to minimize the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Constructr Cms